Date: Mon, 19 Apr 2021 16:45:43 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 255229] net/mosquitto: CVE-2021-23980 Message-ID: <bug-255229-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255229 Bug ID: 255229 Summary: net/mosquitto: CVE-2021-23980 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: daniel.engberg.lists@pyret.net CC: joe@thrallingpenguin.com Flags: maintainer-feedback?(joe@thrallingpenguin.com) CC: joe@thrallingpenguin.com Security: - CVE-2021-23980: If an authenticated client connected with MQTT v5 sent a malformed CONNACK message to the broker a NULL pointer dereference occurr= ed, most likely resulting in a segfault. Affects versions 2.0.0 to 2.0.9 inclusive. https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23ee= f241f31/ChangeLog.txt I think the easiest solution would be bumping it to 2.0.10 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-255229-7788>