[mosquitto-dev] Please clarify fixing commit for CVE-2023-0809 and CVE-2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[mosquitto-dev] Please clarify fixing commit for CVE-2023-0809 and CVE-2023-3592

From: Markus Koschany <apo@xxxxxxxxxx>
Date: Tue, 26 Sep 2023 17:29:58 +0200
Delivered-to: mosquitto-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mosquitto-dev/>
List-help: <mailto:mosquitto-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mosquitto-dev>, <mailto:mosquitto-dev-request@eclipse.org?subject=unsubscribe>

Hello,

I am currently in the process of backporting the security fixes released in
2.0.16 to older Debian releases of mosquitto. This commit [1] seems to be the
fix for CVE-2023-3592. Does the same commit also address CVE-2023-0809? If not,
what was the actual fix for CVE-2023-0809. Thank you in advance.

Regards,

Markus


[1]
https://github.com/eclipse/mosquitto/commit/00b24e0eb0686e9a76feb71fdaee650cb7e612fa

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: [mosquitto-dev] Please clarify fixing commit for CVE-2023-0809 and CVE-2023-3592
  - From: Roger Light

Prev by Date: [mosquitto-dev] Mosquitto on Windows with DH-Parameters
Next by Date: Re: [mosquitto-dev] keep-alive in Mosquitto and in MQTT v5/v3.1.1
Previous by thread: [mosquitto-dev] Mosquitto on Windows with DH-Parameters
Next by thread: Re: [mosquitto-dev] Please clarify fixing commit for CVE-2023-0809 and CVE-2023-3592
Index(es):
- Date
- Thread

Breadcrumbs