2018-08-08 21:43:14 +00:00
|
|
|
<!--
|
|
|
|
.. title: Security
|
|
|
|
.. slug: security
|
|
|
|
.. date: 2018-02-07 10:52:50 UTC
|
|
|
|
.. tags:
|
|
|
|
.. category:
|
|
|
|
.. link:
|
|
|
|
.. description:
|
|
|
|
.. type: text
|
|
|
|
-->
|
|
|
|
|
|
|
|
# Reporting security vulnerabilities
|
|
|
|
|
|
|
|
If you think you have found a security vulnerability in Mosquitto, please
|
|
|
|
follow the steps on [Eclipse Security] page to report it.
|
|
|
|
|
|
|
|
# Past vulnerabilities
|
|
|
|
|
|
|
|
Listed with most recent first. Further information on security related issues
|
|
|
|
can be found in the [security category].
|
|
|
|
|
2018-12-20 18:45:01 +00:00
|
|
|
* December 2018: [CVE-2018-20145]. Affecting versions **1.5** to **1.5.4**
|
2018-12-11 16:07:18 +00:00
|
|
|
inclusive, fixed in **1.5.5.**. More details at [version-155-released].
|
2018-11-08 17:14:43 +00:00
|
|
|
* November 2018: No CVE assigned. Affecting versions **1.4** to **1.5.3**
|
|
|
|
inclusive, fixed in **1.5.4**. More details at [version-154-released].
|
2018-09-27 09:48:03 +00:00
|
|
|
* September 2018: [CVE-2018-12543] affecting versions **1.5** to **1.5.2**
|
|
|
|
inclusive, fixed in **1.5.3**.
|
2018-09-20 14:25:28 +00:00
|
|
|
* April 2018: [CVE-2017-7655] affecting versions **1.0** to **1.4.15**
|
|
|
|
inclusive, fixed in **1.5**.
|
|
|
|
* April 2018: [CVE-2017-7654] affecting versions **1.0** to **1.4.15**
|
|
|
|
inclusive, fixed in **1.5**.
|
|
|
|
[security-advisory-cve-2017-7653-cve-2017-7654].
|
|
|
|
* April 2018: [CVE-2017-7653] affecting versions **1.0** to **1.4.15**
|
|
|
|
inclusive, fixed in **1.5**.
|
2018-08-08 21:43:14 +00:00
|
|
|
* February 2018: [CVE-2017-7651] affecting versions **0.15** to **1.4.14**
|
|
|
|
inclusive, fixed in **1.4.15**. More details at
|
|
|
|
[security-advisory-cve-2017-7651-cve-2017-7652].
|
|
|
|
* February 2018: [CVE-2017-7652] affecting versions **1.0** to **1.4.14**
|
|
|
|
inclusive, fixed in **1.4.15**. More details at
|
|
|
|
[security-advisory-cve-2017-7651-cve-2017-7652].
|
|
|
|
* June 2017: [CVE-2017-9868] affecting versions **0.15** to **1.4.12**
|
|
|
|
inclusive, fixed in **1.4.13**. More details at
|
|
|
|
[security-advisory-cve-2017-9868].
|
|
|
|
* May 2017: [CVE-2017-7650] affecting versions **0.15** to **1.4.11**
|
|
|
|
inclusive, fixed in **1.4.12**. More details at
|
|
|
|
[security-advisory-cve-2017-7650].
|
|
|
|
|
2018-12-11 16:07:18 +00:00
|
|
|
[version-155-released]: /2018/11/version-155-released/
|
2018-11-08 17:14:43 +00:00
|
|
|
[version-154-released]: /2018/11/version-154-released/
|
2018-09-27 09:48:03 +00:00
|
|
|
[security-advisory-cve-2018-12543]: /2018/09/security-advisory-cve-2018-12543/
|
2018-08-08 21:43:14 +00:00
|
|
|
[security-advisory-cve-2017-7651-cve-2017-7652]: /2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
|
|
|
|
[security-advisory-cve-2017-7650]: /2017/05/security-advisory-cve-2017-7650/
|
|
|
|
[security-advisory-cve-2017-9868]: /2017/06/security-advisory-cve-2017-9868/
|
2018-09-20 14:25:28 +00:00
|
|
|
|
|
|
|
[Eclipse Security]: https://www.eclipse.org/security/
|
2018-08-08 21:43:14 +00:00
|
|
|
[security category]: /blog/categories/security/
|
2018-09-20 14:25:28 +00:00
|
|
|
|
2018-12-20 18:45:01 +00:00
|
|
|
[CVE-2018-20145]: https://nvd.nist.gov/vuln/detail/CVE-2018-20145
|
2018-09-27 09:48:03 +00:00
|
|
|
[CVE-2018-12543]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12543
|
2018-09-20 14:25:28 +00:00
|
|
|
[CVE-2017-9868]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9868
|
|
|
|
[CVE-2017-7655]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
|
|
|
|
[CVE-2017-7654]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
|
|
|
|
[CVE-2017-7653]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
|
|
|
|
[CVE-2017-7652]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
|
|
|
|
[CVE-2017-7651]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7651
|
|
|
|
[CVE-2017-7650]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7650
|