mosquitto: security bump to version 1.4.12 - buildroot

diff options

author	Peter Korsgaard <peter@korsgaard.com>	2017-05-29 23:19:59 +0200
committer	Peter Korsgaard <peter@korsgaard.com>	2017-05-30 08:58:28 +0200
commit	9e9dee25346f861f3276a4c2ab21c98b8caf88a7 (patch)
tree	662bec4ddc69fce3f915fc52418d16a5a25dd9af /package/php-imagick/php-imagick.hash
parent	27e0626e99e79655b949e13a16ebdda28c0faca2 (diff)
download	buildroot-9e9dee25346f861f3276a4c2ab21c98b8caf88a7.tar.gz buildroot-9e9dee25346f861f3276a4c2ab21c98b8caf88a7.zip

mosquitto: security bump to version 1.4.12

Fixes CVE-2017-7650: Pattern based ACLs can be bypassed by clients that set their username/client id to ‘#’ or ‘+’. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access control plugins for Mosquitto. For more details, see: https://mosquitto.org/2017/05/security-advisory-cve-2017-7650/ Remove 0001-Remove-lanl-when-WITH_ADNS-is-unset.patch as that patch is now upstream. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/php-imagick/php-imagick.hash')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: