Fedora 30: mosquitto Security Update
Summary
Mosquitto is an open source message broker that implements the MQ Telemetry
Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method
of carrying out messaging using a publish/subscribe model. This makes it
suitable for "machine to machine" messaging such as with low power sensors
or mobile devices such as phones, embedded computers or micro-controllers
like the Arduino.
1.6.2 ===== Broker: * Fix memory access after free, leading to possible crash,
when v5 client with Will message disconnects, where the Will message has as its
first property one of `content-type`, `correlation-data`, `payload-format-indicator`, or `response-topic`. * Fix build for WITH_TLS=no. * Fix Will message
not allowing user-property properties. * Fix broker originated messages (e.g.
$SYS/broker/version) not being published when `check_retain_source` set to true.
Closes #1245. * Fix $SYS/broker/version being incorrectly expired after 60
seconds. Closes #1245. Library: * Fix crash after client has been unable to
connect to a broker. This occurs when the client is exiting and is part of the
final library cleanup routine. Closes #1246. Clients: * Fix -L url parsing.
Closes #1248. ---- 1.6.1 release
* Tue Apr 30 2019 Peter Robinson
- 1.6.2 release
* Sat Apr 27 2019 Peter Robinson
- 1.6.1 release
* Thu Apr 18 2019 Peter Robinson
- Major new 1.6.0 release
- Support for MQTT 5
su -c 'dnf upgrade --advisory FEDORA-2019-cc896df591' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2019-cc896df591 2019-05-11 01:56:51.127416 Product : Fedora 30 Version : 1.6.2 Release : 1.fc30 URL : https://mosquitto.org/ Summary : An Open Source MQTT v3.1/v3.1.1 Broker Description : Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power sensors or mobile devices such as phones, embedded computers or micro-controllers like the Arduino. 1.6.2 ===== Broker: * Fix memory access after free, leading to possible crash, when v5 client with Will message disconnects, where the Will message has as its first property one of `content-type`, `correlation-data`, `payload-format-indicator`, or `response-topic`. * Fix build for WITH_TLS=no. * Fix Will message not allowing user-property properties. * Fix broker originated messages (e.g. $SYS/broker/version) not being published when `check_retain_source` set to true. Closes #1245. * Fix $SYS/broker/version being incorrectly expired after 60 seconds. Closes #1245. Library: * Fix crash after client has been unable to connect to a broker. This occurs when the client is exiting and is part of the final library cleanup routine. Closes #1246. Clients: * Fix -L url parsing. Closes #1248. ---- 1.6.1 release * Tue Apr 30 2019 Peter Robinson 1.6.2-1 - 1.6.2 release * Sat Apr 27 2019 Peter Robinson 1.6.1-1 - 1.6.1 release * Thu Apr 18 2019 Peter Robinson 1.6.0-1 - Major new 1.6.0 release - Support for MQTT 5 su -c 'dnf upgrade --advisory FEDORA-2019-cc896df591' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References