Package: mosquitto Version: 0.15-1 Severity: grave Tags: upstream Justification: causes non-serious data loss
If a client connects to the broker with an incorrect protocol version (i.e. not 3) then the broker will crash. The cause is a double free(), so there is no chance of a buffer overrun or similar vulnerability. This bug allows any client to perform a simple DoS on the broker and will result in other clients losing messages. -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.5.0-19-generic (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages mosquitto depends on: ii adduser 3.113+nmu3 ii libc6 2.13-37 ii libwrap0 7.6.q-24 ii lsb-base 4.1+Debian9 mosquitto recommends no packages. mosquitto suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
