group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1752591] Re: CVE-2017-7651 and CVE-2017-7652

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1752591@xxxxxxxxxxxxxxxxxx>
Date: Fri, 16 Mar 2018 13:45:41 -0000
Reply-to: Bug 1752591 <1752591@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package mosquitto - 1.4.12-1ubuntu0.1

---------------
mosquitto (1.4.12-1ubuntu0.1) artful-security; urgency=medium

  * Add upstream patch for CVE 2017-7651 (LP: #1752591)

 -- Emmet Hikory <persia@xxxxxxxxxx>  Thu, 01 Mar 2018 09:24:46 -0500

** Changed in: mosquitto (Ubuntu Artful)
       Status: Fix Committed => Fix Released

** Changed in: mosquitto (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752591

Title:
  CVE-2017-7651 and CVE-2017-7652

Status in mosquitto package in Ubuntu:
  Fix Released
Status in mosquitto source package in Xenial:
  Fix Released
Status in mosquitto source package in Artful:
  Fix Released
Status in mosquitto source package in Bionic:
  Fix Released

Bug description:
  The current available version of mosquitto pacakged in ubuntu (for all
  versions) is vulnerable to 2 cve's announced recently, including one
  for a potential DOS attach from unauthorized users. More details on
  this can be found at: https://mosquitto.org/blog/2018/02/security-
  advisory-cve-2017-7651-cve-2017-7652/ which includes links to patches
  for the CVEs. Or we can just update to 1.4.15 which should be
  backwards compatible.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mosquitto/+bug/1752591/+subscriptions