eclipse/mosquitto
1
0
Fork 0
mirror of https://github.com/eclipse/mosquitto.git synced 2025-05-09 01:01:11 +08:00
Code Issues Releases Wiki Activity

CVE-2021-34434 details.

Browse Source
This commit is contained in:
Roger A. Light 2021-08-30 22:06:32 +01:00
parent 37b5aedcb6
commit 06c84aeb66
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.txt
View File

@ -14,7 +14,7 @@ Security:
remotely accessible listener to be opened that was not confined to the local
machine but did have anonymous access enabled, contrary to the
documentation. This has been fixed. Closes #2283.
- If a plugin had granted ACL subscription access to a
- CVE-2021-34434: If a plugin had granted ACL subscription access to a
durable/non-clean-session client, then removed that access, the client would
keep its existing subscription. This has been fixed.
- Incoming QoS 2 messages that had not completed the QoS flow were not being

3
www/pages/security.md
View File

@ -19,6 +19,8 @@ follow the steps on [Eclipse Security] page to report it.
Listed with most recent first. Further information on security related issues
can be found in the [security category].
* August 2021: [CVE-2021-34434] Affecting versions **2.0.0** to **2.0.11**
inclusive, fixed in **2.0.12**.
* April 2021: [CVE-2021-28166] Affecting versions **2.0.0** to **2.0.9**
inclusive, fixed in **2.0.10**.
* December 2020: Running mosquitto_passwd with the following arguments only
@ -69,6 +71,7 @@ can be found in the [security category].
[Eclipse Security]: https://www.eclipse.org/security/
[security category]: /blog/categories/security/
[CVE-2021-34434]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34434
[CVE-2021-28166]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166
[CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779
[CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778