{ "schema_version": "1.7.0", "id": "MGASA-2021-0349", "published": "2021-07-12T21:57:00Z", "modified": "2021-07-12T20:46:10Z", "summary": "Updated mosquitto packages fix security vulnerability", "details": "Updated mosquitto packages fix security vulnerability:\n\nIf an authenticated client connected with MQTT v5 sent a crafted CONNECT\nmessage to the broker a memory leak would occur.\n\nFor other fixes in this update, see the mosquitto.org blog reference.\n", "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2021-0349.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=29024" }, { "type": "WEB", "url": "http://mosquitto.org/blog/2021/06/version-2-0-11-released/" } ], "affected": [ { "package": { "ecosystem": "Mageia:7", "name": "mosquitto", "purl": "pkg:rpm/mageia/mosquitto?arch=source&distro=mageia-7" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.6.15-1.mga7" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:7", "name": "uthash", "purl": "pkg:rpm/mageia/uthash?arch=source&distro=mageia-7" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.1.0-1.mga7" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:8", "name": "mosquitto", "purl": "pkg:rpm/mageia/mosquitto?arch=source&distro=mageia-8" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.0.11-1.mga8" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }