← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1752591] Re: CVE-2017-7651 and CVE-2017-7652

 

ACK on the debdiffs in comments #2 and #3. I added the bug number to the
changelog and adjusted the artful versioning.

Packages are building now and will be released as security updates
today.

Thanks!

** Also affects: mosquitto (Ubuntu Bionic)
   Importance: Undecided
       Status: Confirmed

** Also affects: mosquitto (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: mosquitto (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Changed in: mosquitto (Ubuntu Bionic)
       Status: Confirmed => Fix Released

** Changed in: mosquitto (Ubuntu Xenial)
       Status: New => Fix Committed

** Changed in: mosquitto (Ubuntu Artful)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752591

Title:
  CVE-2017-7651 and CVE-2017-7652

Status in mosquitto package in Ubuntu:
  Fix Released
Status in mosquitto source package in Xenial:
  Fix Committed
Status in mosquitto source package in Artful:
  Fix Committed
Status in mosquitto source package in Bionic:
  Fix Released

Bug description:
  The current available version of mosquitto pacakged in ubuntu (for all
  versions) is vulnerable to 2 cve's announced recently, including one
  for a potential DOS attach from unauthorized users. More details on
  this can be found at: https://mosquitto.org/blog/2018/02/security-
  advisory-cve-2017-7651-cve-2017-7652/ which includes links to patches
  for the CVEs. Or we can just update to 1.4.15 which should be
  backwards compatible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1752591/+subscriptions