group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #22294
[Bug 1752591] Re: CVE-2017-7651 and CVE-2017-7652
ACK on the debdiffs in comments #2 and #3. I added the bug number to the
changelog and adjusted the artful versioning.
Packages are building now and will be released as security updates
today.
Thanks!
** Also affects: mosquitto (Ubuntu Bionic)
Importance: Undecided
Status: Confirmed
** Also affects: mosquitto (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: mosquitto (Ubuntu Artful)
Importance: Undecided
Status: New
** Changed in: mosquitto (Ubuntu Bionic)
Status: Confirmed => Fix Released
** Changed in: mosquitto (Ubuntu Xenial)
Status: New => Fix Committed
** Changed in: mosquitto (Ubuntu Artful)
Status: New => Fix Committed
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752591
Title:
CVE-2017-7651 and CVE-2017-7652
Status in mosquitto package in Ubuntu:
Fix Released
Status in mosquitto source package in Xenial:
Fix Committed
Status in mosquitto source package in Artful:
Fix Committed
Status in mosquitto source package in Bionic:
Fix Released
Bug description:
The current available version of mosquitto pacakged in ubuntu (for all
versions) is vulnerable to 2 cve's announced recently, including one
for a potential DOS attach from unauthorized users. More details on
this can be found at: https://mosquitto.org/blog/2018/02/security-
advisory-cve-2017-7651-cve-2017-7652/ which includes links to patches
for the CVEs. Or we can just update to 1.4.15 which should be
backwards compatible.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1752591/+subscriptions