[SECURITY] [DLA 1146-1] mosquitto security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : mosquitto
Version : 0.15-2+deb7u2
CVE ID : CVE-2017-9868
Debian Bug : 865959
mosquitto's persistence file (mosquitto.db) was created in a
world-readable way thus allowing local users to obtain sensitive MQTT
topic information. While the application has been fixed to set
proper permissions by default, you still have to manually fix
the permissions on any existing file.
For Debian 7 "Wheezy", these problems have been fixed in version
0.15-2+deb7u2.
We recommend that you upgrade your mosquitto packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog
iQEyBAEBCgAdFiEE1823g1EQnhJ1LsbSA4gdq+vCmrkFAlnyB54ACgkQA4gdq+vC
mrmk1Af3YmnqEQ6UnQ1msJuq1Wv4floBLSIo7/eQ36uoIwZAOX8uMBjkEjXDO1k3
sfdfYTKbyHQK6tY5dV+8OTU/6QwhoH/k/71DNog99Y3a9RP3B0lvjjkcb7om7IEW
lgLddJhl/OrLGgySVmWcqEp4lopNxUbGZM8aMecH+7ZzgF+M2Ehl6+nncVdI5Krl
JuDd0WyU0VD0hIdw/5MzNT23Cl9M46otDKx/U8PZi2kjHJ9jHFVLqy4FVusX2Qrk
Cqc0zxqixpb+IM5iaVcyPE0V9JqJMVc0b/HreK4itVpfOQd3BPbkjDA8ZMukSu+H
kmb2PHqRg2XQEAiOQWMTIeMPhPQg
=KTO2
-----END PGP SIGNATURE-----
Reply to: