[Buildroot] [PATCH] mosquitto: security bump to version 1.4.15

Peter Korsgaard peter at korsgaard.com
Thu Mar 1 22:04:35 UTC 2018


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT
 > packet which causes large amounts of memory use in the broker.  If multiple
 > clients do this, an out of memory situation can occur and the system may
 > become unresponsive or the broker will be killed by the operating system.

 > The fix addresses the problem by limiting the permissible size for CONNECT
 > packet, and by adding a memory_limit configuration option that allows the
 > broker to self limit the amount of memory it uses.

 > The hash of new tarball is not (yet) available through download.php, so use
 > a locally calculated hash.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list