Re: [mosquitto-dev] Security update: CVE-2021-34432
Thanks Peter, you are quite correct.
On Tue, 17 Aug 2021 at 23:12, Peter Korsgaard <peter@xxxxxxxxxxxxx> wrote:
>
> >>>>> "Roger" == Roger Light <roger@xxxxxxxxxx> writes:
>
> > Dear all,
> > Mosquitto versions 2.0.0 to 2.0.7 were affected by a bug where the
> > broker would cause a segmentation fault if a client sent a topic with
> > length zero. A change was included in version 2.0.8 that fixed the
> > issue without it being identified.
>
> > This is your reminder to update to the latest 2.0.x release if you
> > have not already done so.
>
> > Thanks to Peter Korsgaard for finding and reporting the issue.
>
> Sorry, that is not correct. The issue was reported by Bryan Pearson as
> mentioned in the bugtracker linked from the CVE:
>
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
>
> And fixed by Roger.
>
> The only thing I have done is request an update of the CPE info for
> the CVE, which incorrectly stated that all mosquitto versions <= 2.07
> were affected (instead of <= 2.0.7).
>
> --
> Bye, Peter Korsgaard