[Bug 255229] net/mosquitto: CVE-2021-23980
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Apr 19 16:45:43 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255229
Bug ID: 255229
Summary: net/mosquitto: CVE-2021-23980
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: daniel.engberg.lists at pyret.net
CC: joe at thrallingpenguin.com
Flags: maintainer-feedback?(joe at thrallingpenguin.com)
CC: joe at thrallingpenguin.com
Security:
- CVE-2021-23980: If an authenticated client connected with MQTT v5 sent a
malformed CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault.
Affects versions 2.0.0 to 2.0.9 inclusive.
https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt
I think the easiest solution would be bumping it to 2.0.10
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list