mirror of https://github.com/eclipse/mosquitto.git synced 2025-05-08 16:52:13 +08:00

Update details of CVE-2018-20145.

Roger A. Light 2018-12-20 18:45:01 +00:00
parent 84c5d90f5c
commit 19fbbd8726
3 changed files with 5 additions and 1 deletions


@ -5,6 +5,7 @@ Security:
- If `per_listener_settings` is set to true, then the `acl_file` setting was
ignored for the "default listener" only. This has been fixed. This does not
affect any listeners defined with the `listener` option. Closes #1073.
This is now tracked as CVE-2018-20145.
Broker:
- Add `socket_domain` option to allow listeners to disable IPv6 support.
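Review bot: The line added after "Closes #1073." gives the CVE ID, but the entry still does not say which releases are affected or what the practical effect was. Now that this is a tracked vulnerability, consider stating that the rules in `acl_file` were not applied on the default listener when `per_listener_settings` was true, and naming the affected version range, so that someone reading only the changelog can judge their exposure.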


@ -19,7 +19,7 @@ follow the steps on [Eclipse Security] page to report it.
Listed with most recent first. Further information on security related issues
can be found in the [security category].
* December 2018: No CVE assigned. Affecting versions **1.5** to **1.5.4**
* December 2018: [CVE-2018-20145]. Affecting versions **1.5** to **1.5.4**
inclusive, fixed in **1.5.5.**. More details at [version-155-released].
* November 2018: No CVE assigned. Affecting versions **1.4** to **1.5.3**
inclusive, fixed in **1.5.4**. More details at [version-154-released].
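Review bot: In the December 2018 entry, the continuation line reads "fixed in **1.5.5.**." with a stray period inside the bold and a doubled period, unlike the November entry's "fixed in **1.5.4**.". Since this entry is being edited anyway, change it to "fixed in **1.5.5**." so the version renders cleanly.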
@ -55,6 +55,7 @@ can be found in the [security category].
[Eclipse Security]: https://www.eclipse.org/security/
[security category]: /blog/categories/security/
[CVE-2018-20145]: https://nvd.nist.gov/vuln/detail/CVE-2018-20145
[CVE-2018-12543]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12543
[CVE-2017-9868]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9868
[CVE-2017-7655]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7652
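Review bot: The new `[CVE-2018-20145]` definition links to nvd.nist.gov while the other CVE definitions in this block link to cve.mitre.org; pick one host for consistency, or note why this one differs. While here, the `[CVE-2017-7655]` definition in the same block points at `name=CVE-2017-7652`, so the label and the target disagree and one of them needs correcting.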


@ -17,6 +17,7 @@ This is a bugfix and security release.
- If `per_listener_settings` is set to true, then the `acl_file` setting was
ignored for the "default listener" only. This has been fixed. This does not
affect any listeners defined with the `listener` option. Closes [#1073].
This is now tracked as [CVE-2018-20145].
## Broker
- Add `socket_domain` option to allow listeners to disable IPv6 support.
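Review bot: The sentence added after "Closes [#1073]." changes an already written release note without marking it as a later edit. "This is now tracked as" hints at that, but a short dated update marker (the commit is dated 2018-12-20) would tell readers who saw the earlier text that the CVE assignment is new information rather than something they missed.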
@ -46,6 +47,7 @@ This is a bugfix and security release.
- Fix building where TLS-PSK is not available. Closes [#68].
[CVE-2018-20145]: https://nvd.nist.gov/vuln/detail/CVE-2018-20145
[#68]: https://github.com/eclipse/mosquitto/issues/68
[#537]: https://github.com/eclipse/mosquitto/issues/537
[#613]: https://github.com/eclipse/mosquitto/issues/613