There are two more commits that were suggested by upstream, which aren't related to this specific CVE but are likely to be security relevant:
"Fix crash on bridge using remapped topic being sent a crafted packet."
https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9

"Don't allow SUBACK with missing reason codes."
https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c

--
https://bugs.launchpad.net/bugs/2141738
Title: CVE-2024-8376: use-after-free in shared subscription handling
