FEDORA-2019-032b36306f

security update in Fedora 29 for mosquitto

Status: obsolete

Fixes for the following CVES:

CVE-2018-12546
CVE-2018-12550
CVE-2018-12551

The list of other fixes addressed in version 1.5.6 is: Broker:

Fixed comment handling for config options that have optional arguments.
Improved documentation around bridge topic remapping.
Handle mismatched handshakes (e.g. QoS1 PUBLISH with QoS2 reply) properly.
Fix spaces not being allowed in the bridge remote_username option. Closes #1131.
Allow broker to always restart on Windows when using log_dest file. Closes #1080.
Fix Will not being sent for Websockets clients. Closes #1143.
Windows: Fix possible crash when client disconnects. Closes #1137.
Fixed durable clients being unable to receive messages when offline, when per_listener_settings was set to true. Closes #1081.
Add log message for the case where a client is disconnected for sending a topic with invalid UTF-8. Closes #1144.

Library:

Fix TLS connections not working over SOCKS.
Don't clear SSL context when TLS connection is closed, meaning if a user provided an external SSL_CTX they have less chance of leaking references.

Comments 4

This update has been submitted for testing by pbrobinson.

2 months ago

This update has been pushed to testing.

2 months ago

sedrubal 2 months ago

Looks good to me.

karma: +1

This update has been obsoleted by mosquitto-1.5.7-1.fc29.

2 months ago

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

Text fields in Bodhi2 support an enhanced version of markdown. This is a cheat sheet for your reference.

You can do headers by underlining or by prefixing with the # character:

This is an H1
=============

This is an H2
-------------

# This is another H1

## This is another H2

You can do blockquotes using email-style prefixes with the > character:

> This is a quotation
> over many lines
> > and it can be nested(!)

Lists work like you'd expect, by prefixing with any of the *, +, or - characters:

Check out this list:

* This
* is
* a list..

You need a blank line between a paragraph and the start of a list for the renderer to pick up on it.

Emphasis can be added like this:

*italics*
_italics_
**bold**
__bold__

You can save your code references from being misinterpreted as emphasis by surrounding them with backtick characters (`):

Use `the_best_function()` and _not_ that crummy one.

Links look like this:

[text](http://getfedora.org)

..but we also support bare links if you just provide a URL.

You can create code blocks by indenting every line of the block by at least 4 spaces or 1 tab.

Here is a code block:

    for i in range(4):
        print i
    print "done."

You can reference bug reports by simply writing something of the form tracker#ticketid.

This fixes PHP#1234 and Python#2345

... we will automatically generate links to the tickets in the appropriate trackers in place.

The supported bug tracker prefixes are: (these are all case-insensitive)

Fedora, RHBZ and RH (all point to the Red Hat Bugzilla)
GNOME
KDE
PEAR
PHP
Python

And you can refer to other users by prefixing their username with the @ symbol.

Thanks @mattdm!

This will generate a link to their profile, but it won't necessarily send them a notification unless they have a special FMN rule set up to catch it.

Lastly, you can embed inline images with syntax like this:

![Alt text](/path/to/img.jpg)

-1	0	+1	Feedback Guidelines
			Is the update generally functional? (karma) You need to be logged in to add karma!

-1

Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

Content Type

RPM

Status

obsolete

Test Gating

Submitted by

pbrobinson

Update Type

security

Update Severity

medium

Karma

+1
stable threshold: 3
unstable threshold: -3

Autopush

Enabled

Dates

submitted	2 months ago
in testing	2 months ago

mosquitto-1.5.6-1.fc29

FEDORA-2019-032b36306f

security update in Fedora 29 for mosquitto

Comments 4

Add Comment & Feedback Toggle Preview

Automated Test Results

Add Comment & Feedback
Toggle Preview