CVE-2021-34434 details.

pull/2343/head
Roger A. Light 4 years ago
parent 37b5aedcb6
commit 06c84aeb66

@ -14,7 +14,7 @@ Security:
remotely accessible listener to be opened that was not confined to the local remotely accessible listener to be opened that was not confined to the local
machine but did have anonymous access enabled, contrary to the machine but did have anonymous access enabled, contrary to the
documentation. This has been fixed. Closes #2283. documentation. This has been fixed. Closes #2283.
- If a plugin had granted ACL subscription access to a - CVE-2021-34434: If a plugin had granted ACL subscription access to a
durable/non-clean-session client, then removed that access, the client would durable/non-clean-session client, then removed that access, the client would
keep its existing subscription. This has been fixed. keep its existing subscription. This has been fixed.
- Incoming QoS 2 messages that had not completed the QoS flow were not being - Incoming QoS 2 messages that had not completed the QoS flow were not being
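Review bot: The reworded bullet for CVE-2021-34434 still ends at "This has been fixed." with no issue or pull request reference, while the bullet directly above it ends with "Closes #2283."; if a tracking issue exists for this fix, reference it here as well. The bullet also names no affected version range, so consider repeating the range given in the list entry added later in this commit (2.0.0 to 2.0.11 inclusive, fixed in 2.0.12), so that someone reading only the changelog can tell whether their durable/non-clean-session clients were exposed.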

@ -19,6 +19,8 @@ follow the steps on [Eclipse Security] page to report it.
Listed with most recent first. Further information on security related issues Listed with most recent first. Further information on security related issues
can be found in the [security category]. can be found in the [security category].
* August 2021: [CVE-2021-34434] Affecting versions **2.0.0** to **2.0.11**
inclusive, fixed in **2.0.12**.
* April 2021: [CVE-2021-28166] Affecting versions **2.0.0** to **2.0.9** * April 2021: [CVE-2021-28166] Affecting versions **2.0.0** to **2.0.9**
inclusive, fixed in **2.0.10**. inclusive, fixed in **2.0.10**.
* December 2020: Running mosquitto_passwd with the following arguments only * December 2020: Running mosquitto_passwd with the following arguments only
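Review bot: The added August 2021 entry gives only the CVE link and the version range, with nothing on what the issue is. A short clause, for example that a durable client kept its subscription after a plugin removed its ACL subscription access, would let readers judge impact without following the link. The April 2021 entry below it has the same gap, whereas the December 2020 entry does describe its issue, so the list would read more consistently if each entry carried a one-line summary.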
@ -69,6 +71,7 @@ can be found in the [security category].
[Eclipse Security]: https://www.eclipse.org/security/ [Eclipse Security]: https://www.eclipse.org/security/
[security category]: /blog/categories/security/ [security category]: /blog/categories/security/
[CVE-2021-34434]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34434
[CVE-2021-28166]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166 [CVE-2021-28166]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166
[CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779 [CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779
[CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778 [CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778
