Re: [mosquitto-dev] Please clarify fixing commit for CVE-2023-0809 and CVE-2023-3592

Hi Markus,

The fix for CVE-2023-0809 is
https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad

The other commit you have identified is correct for CVE-2023-3592.

Thank you for your effort in maintaining Mosquitto on Debian.

Regards,

Roger

On Tue, 26 Sept 2023 at 16:30, Markus Koschany via mosquitto-dev
<mosquitto-dev@xxxxxxxxxxx> wrote:
>
> Hello,
>
> I am currently in the process of backporting the security fixes released in
> 2.0.16 to older Debian releases of mosquitto. This commit [1] seems to be the
> fix for CVE-2023-3592. Does the same commit also address CVE-2023-0809? If not,
> what was the actual fix for CVE-2023-0809? Thank you in advance.
>
> Regards,
>
> Markus
>
>
> [1]
> https://github.com/eclipse/mosquitto/commit/00b24e0eb0686e9a76feb71fdaee650cb7e612fa