On Mon, 26 Jun 2017 07:35:05 +0200 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: mosquitto
> Version: 1.3.4-2
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/eclipse/mosquitto/issues/468
>
> Hi,
>
> the following vulnerability was published for mosquitto.
>
> CVE-2017-9868[0]:
> | In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is
> | world readable, which allows local users to obtain sensitive MQTT topic
> | information.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

This is now fixed upstream:

https://github.com/eclipse/mosquitto/commit/09cb1b61c8f48284d9c42bd911faa7525cc689c7

Cheers,
Emilio
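
The world-readable persistence file described in the CVE text comes down to how the file is created. As an added illustration (not part of this thread and not mosquitto's own code; the function names, scratch path and payload are constructed), this C example contrasts a writer that inherits the process umask with one that forces owner-only permissions, including over a file that already exists:

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 if it cannot be stat'ed. */
static int file_mode(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Weak: fopen() creates with 0666 & ~umask, so 0644 under umask 022. */
int write_db_weak(const char *path, const char *data) {
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fputs(data, f);
    fclose(f);
    return file_mode(path);
}

/* Hardened: ask for 0600 at creation, then fchmod() because open() ignores
 * its mode argument when the file already exists (e.g. after an upgrade). */
int write_db_private(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    int ok = fchmod(fd, 0600) == 0 && write(fd, data, strlen(data)) >= 0;
    close(fd);
    return ok ? file_mode(path) : -1;
}

/* variant 0: weak, 1: hardened, 2: hardened over a file the weak writer left. */
int demo_mode(int variant) {
    char dir[] = "/tmp/persist_demo_XXXXXX", path[64]; /* constructed scratch dir */
    mode_t old = umask(022);
    int mode = -1;
    if (mkdtemp(dir)) {
        snprintf(path, sizeof path, "%s/mosquitto.db", dir);
        if (variant != 1) mode = write_db_weak(path, "constructed/topic\n");
        if (variant != 0) mode = write_db_private(path, "constructed/topic\n");
        unlink(path);
        rmdir(dir);
    }
    umask(old);
    return mode;
}

int main(void) { return printf("%o %o %o\n", demo_mode(0), demo_mode(1), demo_mode(2)) < 0; }
```

Variant 2 is the case to check after upgrading a broker: a persistence file written before the fix keeps its old mode unless it is explicitly re-chmodded or recreated.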