Update CVE information.

Roger Light 2021-04-10 08:28:41 +01:00
parent 34522913ea
commit d5ecd9f5aa
3 changed files with 6 additions and 5 deletions


@ -2,10 +2,9 @@
================== ==================
Security: Security:
- CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a - CVE-2021-23980: If an authenticated client connected with MQTT v5 sent a
malformed CONNACK message to the broker a NULL pointer dereference occurred, malformed CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault. This will be updated with the CVE most likely resulting in a segfault.
number when it is assigned.
Affects versions 2.0.0 to 2.0.9 inclusive. Affects versions 2.0.0 to 2.0.9 inclusive.
Broker: Broker:
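Review bot: The identifier added in this Security entry, CVE-2021-23980, does not match the one the security page hunk in this same commit gives for the April 2021 issue affecting 2.0.0 to 2.0.9, which is CVE-2021-28166. Only one of the two can be right; please confirm the assigned number and use it in both places so that anyone searching the ChangeLog for the CVE finds this entry.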


@ -19,7 +19,7 @@ follow the steps on [Eclipse Security] page to report it.
Listed with most recent first. Further information on security related issues Listed with most recent first. Further information on security related issues
can be found in the [security category]. can be found in the [security category].
* April 2021: CVE-xxxx-xxxx Affecting versions **2.0.0** to **2.0.9** * April 2021: [CVE-2021-28166] Affecting versions **2.0.0** to **2.0.9**
inclusive, fixed in **2.0.10**. inclusive, fixed in **2.0.10**.
* December 2020: Running mosquitto_passwd with the following arguments only * December 2020: Running mosquitto_passwd with the following arguments only
`mosquitto_passwd -b password_file username password` would cause the `mosquitto_passwd -b password_file username password` would cause the
@ -69,6 +69,7 @@ can be found in the [security category].
[Eclipse Security]: https://www.eclipse.org/security/ [Eclipse Security]: https://www.eclipse.org/security/
[security category]: /blog/categories/security/ [security category]: /blog/categories/security/
[CVE-2021-28166]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166
[CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779 [CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779
[CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778 [CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778
[CVE-2018-20145]: https://nvd.nist.gov/vuln/detail/CVE-2018-20145 [CVE-2018-20145]: https://nvd.nist.gov/vuln/detail/CVE-2018-20145
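Review bot: Style point on the added [CVE-2021-28166] reference: it links to cve.mitre.org/cgi-bin/cvename.cgi, while the existing CVE references directly below it all use the nvd.nist.gov/vuln/detail/ form. Suggest using the same link form as its neighbours so the list stays consistent.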


@ -13,7 +13,7 @@ Versions 2.0.10 of Mosquitto has been released. This is a security and bugfix
release. release.
# Security # Security
- CVE-xxxx-xxxx: If an authenticated client connected with MQTT v5 sent a - [CVE-2021-23980]: If an authenticated client connected with MQTT v5 sent a
malformed CONNACK message to the broker a NULL pointer dereference occurred, malformed CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault. This will be updated with the CVE most likely resulting in a segfault. This will be updated with the CVE
number when it is assigned. number when it is assigned.
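Review bot: The placeholder sentence "This will be updated with the CVE number when it is assigned." is still on the new side of this Security entry even though the identifier is now filled in; the ChangeLog hunk in this commit removes the same sentence. Suggest dropping it here as well. The label used here, [CVE-2021-23980], also differs from the [CVE-2021-28166] used on the security page for the same issue.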
@ -41,6 +41,7 @@ release.
- Fix CMake cross compile builds not finding opensslconf.h. Closes [#2160]. - Fix CMake cross compile builds not finding opensslconf.h. Closes [#2160].
- Fix build on Solaris non-sparc. Closes [#2136]. - Fix build on Solaris non-sparc. Closes [#2136].
[CVE-2021-23980]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166
[#2134]: https://github.com/eclipse/mosquitto/issues/2134 [#2134]: https://github.com/eclipse/mosquitto/issues/2134
[#2136]: https://github.com/eclipse/mosquitto/issues/2136 [#2136]: https://github.com/eclipse/mosquitto/issues/2136
[#2152]: https://github.com/eclipse/mosquitto/issues/2152 [#2152]: https://github.com/eclipse/mosquitto/issues/2152
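Review bot: The added reference definition has a label and a target that disagree: the label is [CVE-2021-23980] but the URL ends in name=CVE-2021-28166. Readers will see one identifier in the post and land on a record for another. Suggest making the label, the link text in the Security section and the URL all carry the same identifier.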