Update CVE info on release post.
parent 83ee01474b
commit 3933bb55bb
@ -13,16 +13,17 @@ Mosquitto 1.6.6 and 1.5.9 have been released to address two security vulnerabili
|
||||
|
||||
Titles and links will be updated once the CVE numbers are assigned.
|
||||
|
||||
# CVE-xxxx-xxxxx
|
||||
# CVE-2019-11779
|
||||
|
||||
A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive.
|
||||
A vulnerability exists in Mosquitto versions 1.5 to 1.6.5 inclusive, known as
|
||||
[CVE-2019-11779].
|
||||
|
||||
If a client sends a SUBSCRIBE packet containing a topic that consists of
|
||||
approximately 65400 or more '/' characters, i.e. the topic hierarchy separator,
|
||||
then a stack overflow will occur.
|
||||
|
||||
The issue is fixed in Mosquitto 1.6.6 and 1.5.9. Patches for older versions are
|
||||
available at <https://mosquitto.org/files/cve/2019-hier>
|
||||
available at <https://mosquitto.org/files/cve/2019-11779>
|
||||
|
||||
The fix addresses the problem by restricting the allowed number of topic
|
||||
hierarchy levels to 200. An alternative fix is to increase the size of the
|
||||
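Review bot: the context line "Titles and links will be updated once the CVE numbers are assigned." stays in the post even though this hunk replaces the placeholder heading with CVE-2019-11779 and adds the [CVE-2019-11779] reference. If the other section's title is final as well, drop that sentence in the same commit so the post does not promise an update that has already happened.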
@ -39,7 +40,7 @@ interval is set longer than the session expiry interval, then a use after free
|
||||
error occurs, which has the potential to cause a crash in some situations.
|
||||
|
||||
The issue is fixed in Mosquitto 1.6.5. Patches for older versions are available
|
||||
at <https://mosquitto.org/files/cve/2019-will-delay>
|
||||
at <https://mosquitto.org/files/cve/2019-11778>
|
||||
|
||||
# Version 1.6.6 Changes
|
||||
|
||||
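Review bot: the patch location in this hunk moves from <https://mosquitto.org/files/cve/2019-will-delay> to <https://mosquitto.org/files/cve/2019-11778> (as 2019-hier moves to 2019-11779 in the previous hunk), so readers who followed or scripted against the URLs in the already published post get a dead link unless the old paths keep resolving. Suggest confirming that the old paths redirect or still serve the patches before this goes live.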
@ -57,5 +58,6 @@ The complete list of fixes addressed in version 1.6.6 is:
|
||||
not exist. Closes [#1414].
|
||||
|
||||
[CVE-2019-11778]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11778
|
||||
[CVE-2019-11779]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11779
|
||||
[#1412]: https://github.com/eclipse/mosquitto/issues/1412
|
||||
[#1414]: https://github.com/eclipse/mosquitto/issues/1414
|
||||
|
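Review bot: the two added reference definitions point at http://cve.mitre.org/... while the neighbouring issue links use https; for links in a security advisory, prefer the https form. Also, [CVE-2019-11779] is used in the first hunk ("known as [CVE-2019-11779]"), but no visible line uses [CVE-2019-11778]; if the second section does not reference it outside these hunks, add the matching "known as" text or the definition is dead.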