mirror of https://github.com/eclipse/mosquitto.git synced 2025-05-09 17:21:09 +08:00

CVE-2021-34434 details.

Roger A. Light 2021-08-30 22:06:32 +01:00
parent 37b5aedcb6
commit 06c84aeb66
2 changed files with 4 additions and 1 deletions


@ -14,7 +14,7 @@ Security:
remotely accessible listener to be opened that was not confined to the local remotely accessible listener to be opened that was not confined to the local
machine but did have anonymous access enabled, contrary to the machine but did have anonymous access enabled, contrary to the
documentation. This has been fixed. Closes #2283. documentation. This has been fixed. Closes #2283.
- If a plugin had granted ACL subscription access to a - CVE-2021-34434: If a plugin had granted ACL subscription access to a
durable/non-clean-session client, then removed that access, the client would durable/non-clean-session client, then removed that access, the client would
keep its existing subscription. This has been fixed. keep its existing subscription. This has been fixed.
- Incoming QoS 2 messages that had not completed the QoS flow were not being - Incoming QoS 2 messages that had not completed the QoS flow were not being
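
Review bot: The changed line for the ACL subscription entry adds the CVE-2021-34434 identifier, but the entry still carries no issue or advisory reference, while the entry just above it ends with "Closes #2283". Consider adding a reference here, and saying what happens to the existing subscription once the plugin removes access, since "This has been fixed" does not tell an operator whether a durable/non-clean-session client that was already revoked needs any manual cleanup after upgrading.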


@ -19,6 +19,8 @@ follow the steps on [Eclipse Security] page to report it.
Listed with most recent first. Further information on security related issues Listed with most recent first. Further information on security related issues
can be found in the [security category]. can be found in the [security category].
* August 2021: [CVE-2021-34434] Affecting versions **2.0.0** to **2.0.11**
inclusive, fixed in **2.0.12**.
* April 2021: [CVE-2021-28166] Affecting versions **2.0.0** to **2.0.9** * April 2021: [CVE-2021-28166] Affecting versions **2.0.0** to **2.0.9**
inclusive, fixed in **2.0.10**. inclusive, fixed in **2.0.10**.
* December 2020: Running mosquitto_passwd with the following arguments only * December 2020: Running mosquitto_passwd with the following arguments only
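
Review bot: The new August 2021 entry gives the affected range (2.0.0 to 2.0.11) and the fixed version (2.0.12) but no description of the issue, unlike the December 2020 entry below it, which states the triggering condition. A one-line summary would let readers judge their exposure without following the link, for example that a durable/non-clean-session client kept its subscription after a plugin removed its ACL subscription access.
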
@ -69,6 +71,7 @@ can be found in the [security category].
[Eclipse Security]: https://www.eclipse.org/security/ [Eclipse Security]: https://www.eclipse.org/security/
[security category]: /blog/categories/security/ [security category]: /blog/categories/security/
[CVE-2021-34434]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34434
[CVE-2021-28166]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166 [CVE-2021-28166]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28166
[CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779 [CVE-2019-11779]: https://nvd.nist.gov/vuln/detail/CVE-2019-11779
[CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778 [CVE-2019-11778]: https://nvd.nist.gov/vuln/detail/CVE-2019-11778
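
Review bot: The added [CVE-2021-34434] link reference points at cve.mitre.org, matching CVE-2021-28166, while the CVE-2019 references below it use nvd.nist.gov/vuln/detail/. Consider using one target for all CVE link references so the list stays consistent, or keep the MITRE form for new entries and convert the older ones in a follow-up.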