mosquitto (0.15-2+deb7u3) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team. 
  * CVE-2017-7651
    fix to avoid extraordinary memory consumption by crafted 
    CONNECT packet from unauthenticated client
  * CVE-2017-7652
    in case all sockets/file descriptors are exhausted, this is a 
    fix to avoid default config values after reloading configuration
    by SIGHUP signal
 
 -- Thorsten Alteholz <debian@alteholz.de>  Sat, 31 Mar 2018 12:03:02 +0100

mosquitto (0.15-2+deb7u2) wheezy-security; urgency=high

  * SECURITY UPDATE: Persistence file is world readable, which may expose
    sensitive data.
    - debian/patches/mosquitto-0.15_cve-2017-9868.patch: Set umask to
      restrict persistence file read access to owner.
    - CVE-2017-9868

 -- Roger A. Light <roger@atchoo.org>  Mon, 26 Jun 2017 09:31:02 +0100

mosquitto (0.15-2+deb7u1) wheezy-security; urgency=high

  * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
    set to '+' or '#'.
    - debian/patches/mosquitto-1.3.4_cve-2017-7650.patch: Reject send/receive
      of messages to/from clients with a '+', '#' or '/' in their
      username/client id.
    - CVE-2017-7650

 -- Roger A. Light <roger@atchoo.org>  Tue, 23 May 2017 22:14:40 +0100

mosquitto (0.15-2) unstable; urgency=low

  * Fix broker crash when a client connects with a bad protocol version.
    (Closes: #696889)
  * Fix the possibility of topic access being granted when only acl_patterns
    is in use. (Closes: #696895)
  * Fix persistence option reloading. (Closes: #696891)

 -- Roger A. Light <roger@atchoo.org>  Fri, 28 Dec 2012 22:55:03 +0000

mosquitto (0.15-1) unstable; urgency=low

  * New upstream release: http://mosquitto.org/2012/02/version-0-15-released/
  * Updated debian/copyright to latest DEP-5.
  * Removed now unnecessary man-hyphen-minus.patch.

 -- Roger A. Light <roger@atchoo.org>  Sun, 05 Feb 2012 09:30:22 +0000

mosquitto (0.12-1) unstable; urgency=low

  * New upstream release: http://mosquitto.org/2011/07/version-0-12-released/

 -- Roger A. Light <roger@atchoo.org>  Mon, 25 Jul 2011 22:24:52 +0100

mosquitto (0.11.3-1) unstable; urgency=low

  * New upstream release: http://mosquitto.org/2011/07/version-0-11-3-released/
  * Fix init script start action to create pidfile so stop works correctly.
    (thanks to Mark Hindess, closes: #632589)
  * Fix section for client libraries in debian/control.
  * Remove disable-cmake.patch, this is handled in debian/rules now.

 -- Roger A. Light <roger@atchoo.org>  Wed, 6 July 2011 15:07:04 +0100

mosquitto (0.10-1) unstable; urgency=low

  * Initial release. (Closes: #605319)

 -- Roger A. Light <roger@atchoo.org>  Sun, 1 May 2011 20:12:51 +0100
