Package: mosquitto Version: 0.15-1 Severity: grave Tags: upstream security Justification: user security hole
When the acl_file option is in use to specify topic access control, if only pattern access is used then all clients can obtain access regardless of the ACL restrictions. This allows MQTT clients to access data that they shouldn't, but does not affect security of the system. -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.5.0-19-generic (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages mosquitto depends on: ii adduser 3.113+nmu3 ii libc6 2.13-37 ii libwrap0 7.6.q-24 ii lsb-base 4.1+Debian9 mosquitto recommends no packages. mosquitto suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
