Merge ~gianz/ubuntu-cve-tracker:mosquitto_cves into ubuntu-cve-tracker:master

Proposed by Giampaolo Fresi Roglia
Status: Merged
Merged at revision: b0bf512858af8a807b922df7edf6e1935877999a
Proposed branch: ~gianz/ubuntu-cve-tracker:mosquitto_cves
Merge into: ubuntu-cve-tracker:master
Diff against target: 384 lines (+114/-105)
9 files modified
active/CVE-2021-28166 (+12/-11)
active/CVE-2021-34431 (+14/-13)
active/CVE-2021-34432 (+15/-11)
active/CVE-2021-34434 (+12/-12)
active/CVE-2021-41039 (+12/-12)
active/CVE-2023-0809 (+12/-12)
active/CVE-2023-28366 (+14/-12)
active/CVE-2023-3592 (+11/-11)
active/CVE-2023-5632 (+12/-11)
Reviewer Review Type Date Requested Status
Eduardo Barretto Approve
Review via email: mp+455959@code.launchpad.net

Commit message

Push triage results for mosquitto

Eduardo Barretto (ebarretto) wrote :

lgtm, thanks

review: Approve

Preview Diff

diff --git a/active/CVE-2021-28166 b/active/CVE-2021-28166
index a9b185d..2636d4d 100644
--- a/active/CVE-2021-28166
+++ b/active/CVE-2021-28166
@@ -20,22 +20,23 @@ CVSS:
2020
2121
22Patches_mosquitto:22Patches_mosquitto:
23upstream_mosquitto: needs-triage23 upstream: https://bugs.eclipse.org/bugs/attachment.cgi?id=286040&action=diff
24upstream_mosquitto: released (2.0.10)
24precise/esm_mosquitto: DNE25precise/esm_mosquitto: DNE
25trusty_mosquitto: ignored (end of standard support)26trusty_mosquitto: ignored (end of standard support)
26trusty/esm_mosquitto: needs-triage27trusty/esm_mosquitto: not-affected (code not present)
27xenial_mosquitto: ignored (end of standard support, was needs-triage)28xenial_mosquitto: ignored (end of standard support, was needs-triage)
28esm-apps/xenial_mosquitto: needs-triage29esm-apps/xenial_mosquitto: not-affected (code not present)
29bionic_mosquitto: ignored (end of standard support, was needs-triage)30bionic_mosquitto: ignored (end of standard support, was needs-triage)
30esm-apps/bionic_mosquitto: needs-triage31esm-apps/bionic_mosquitto: not-affected (code not present)
31focal_mosquitto: needs-triage32focal_mosquitto: not-affected (code not present)
32esm-apps/focal_mosquitto: needs-triage33esm-apps/focal_mosquitto: not-affected (code not present)
33groovy_mosquitto: ignored (end of life)34groovy_mosquitto: ignored (end of life)
34hirsute_mosquitto: ignored (end of life)35hirsute_mosquitto: ignored (end of life)
35impish_mosquitto: ignored (end of life)36impish_mosquitto: ignored (end of life)
36jammy_mosquitto: needs-triage37jammy_mosquitto: not-affected (2.0.11-1ubuntu1)
37esm-apps/jammy_mosquitto: needs-triage38esm-apps/jammy_mosquitto: not-affected (2.0.11-1ubuntu1)
38kinetic_mosquitto: ignored (end of life, was needs-triage)39kinetic_mosquitto: ignored (end of life, was needs-triage)
39lunar_mosquitto: needs-triage40lunar_mosquitto: not-affected (2.0.11-1.2)
40mantic_mosquitto: needs-triage41mantic_mosquitto: not-affected (2.0.18-1)
41devel_mosquitto: needs-triage42devel_mosquitto: not-affected (2.0.18-1)
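Review bot: the five releases moved to "not-affected (code not present)" (trusty/esm through esm-apps/focal) get no supporting Notes entry in this change, so the status cannot be re-checked without repeating the triage. A short "gianz>" note recording the upstream version that introduced the affected code, as was done for CVE-2021-34432, would make the boundary between focal and jammy auditable.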
diff --git a/active/CVE-2021-34431 b/active/CVE-2021-34431
index 16d3408..45c5cd9 100644
--- a/active/CVE-2021-34431
+++ b/active/CVE-2021-34431
@@ -13,28 +13,29 @@ Notes:
13Mitigation:13Mitigation:
14Bugs:14Bugs:
15Priority: medium15Priority: medium
16Discovered-by:16Discovered-by: Kathrin Kleinhammer
17Assigned-to: gianz17Assigned-to: gianz
18CVSS:18CVSS:
19 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]19 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]
2020
2121
22Patches_mosquitto:22Patches_mosquitto:
23upstream_mosquitto: needs-triage23 upstream: https://github.com/eclipse/mosquitto/commit/42163634c72d41a1f12d299f54e00adf14520eb2
24trusty_mosquitto: ignored (end of standard support)24upstream_mosquitto: released (2.0.11)
25trusty/esm_mosquitto: needs-triage25trusty_mosquitto: ignored
26trusty/esm_mosquitto: not-affected (code not present)
26xenial_mosquitto: ignored (end of standard support)27xenial_mosquitto: ignored (end of standard support)
27esm-apps/xenial_mosquitto: needs-triage28esm-apps/xenial_mosquitto: not-affected (code not present)
28bionic_mosquitto: ignored (end of standard support, was needs-triage)29bionic_mosquitto: ignored (end of standard support, was needs-triage)
29esm-apps/bionic_mosquitto: needs-triage30esm-apps/bionic_mosquitto: not-affected (code not present)
30focal_mosquitto: needs-triage31focal_mosquitto: needed
31esm-apps/focal_mosquitto: needs-triage32esm-apps/focal_mosquitto: needed
32groovy_mosquitto: ignored (end of life)33groovy_mosquitto: ignored (end of life)
33hirsute_mosquitto: ignored (end of life)34hirsute_mosquitto: ignored (end of life)
34impish_mosquitto: ignored (end of life)35impish_mosquitto: ignored (end of life)
35jammy_mosquitto: needs-triage36jammy_mosquitto: not-affected (2.0.11-1ubuntu1)
36esm-apps/jammy_mosquitto: needs-triage37esm-apps/jammy_mosquitto: not-affected (2.0.11-1ubuntu1)
37kinetic_mosquitto: ignored (end of life, was needs-triage)38kinetic_mosquitto: ignored (end of life, was needs-triage)
38lunar_mosquitto: needs-triage39lunar_mosquitto: not-affected (2.0.11-1.2)
39mantic_mosquitto: needs-triage40mantic_mosquitto: not-affected (2.0.18-1)
40devel_mosquitto: needs-triage41devel_mosquitto: not-affected (2.0.18-1)
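Review bot: the rewritten trusty line loses its reason. The old entry read "trusty_mosquitto: ignored (end of standard support)" and the new one reads "trusty_mosquitto: ignored", while every other file in this merge keeps the parenthesised reason. Restoring "(end of standard support)" keeps the entry consistent with the xenial and bionic lines just below it.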
diff --git a/active/CVE-2021-34432 b/active/CVE-2021-34432
index 044b53e..74c015e 100644
--- a/active/CVE-2021-34432
+++ b/active/CVE-2021-34432
@@ -9,10 +9,14 @@ Description:
9 the client tries to send a PUBLISH packet with topic length = 0.9 the client tries to send a PUBLISH packet with topic length = 0.
10Ubuntu-Description:10Ubuntu-Description:
11Notes:11Notes:
12 gianz> PoC: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141 (first message)
13 gianz> The CVE indicates versions <= 2.0.7 as affected.
14 gianz> However only versions >= 2.0.0 and <= 2.0.7 are vulnerable.
15 gianz> No crash detected running the PoC against any previous version we support.
12Mitigation:16Mitigation:
13Bugs:17Bugs:
14Priority: medium18Priority: medium
15Discovered-by:19Discovered-by: Bryan Pearson
16Assigned-to: gianz20Assigned-to: gianz
17CVSS:21CVSS:
18 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]22 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
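Review bot: the new note "No crash detected running the PoC against any previous version we support" does not say which package versions or releases were tested. Since the statuses in the next hunk depend on this result, listing the tested versions (or releases) in the note would let a later reader confirm the claim that only >= 2.0.0 and <= 2.0.7 are vulnerable.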
@@ -21,18 +25,18 @@ CVSS:
21Patches_mosquitto:25Patches_mosquitto:
22upstream_mosquitto: released (2.0.8-1)26upstream_mosquitto: released (2.0.8-1)
23trusty_mosquitto: ignored (end of standard support)27trusty_mosquitto: ignored (end of standard support)
24trusty/esm_mosquitto: needs-triage28trusty/esm_mosquitto: not-affected (code not present)
25xenial_mosquitto: ignored (end of standard support)29xenial_mosquitto: ignored (end of standard support)
26esm-apps/xenial_mosquitto: needs-triage30esm-apps/xenial_mosquitto: not-affected (code not present)
27bionic_mosquitto: ignored (end of standard support, was needs-triage)31bionic_mosquitto: ignored (end of standard support, was needs-triage)
28esm-apps/bionic_mosquitto: needs-triage32esm-apps/bionic_mosquitto: not-affected (code not present)
29focal_mosquitto: needs-triage33focal_mosquitto: not-affected (code not present)
30esm-apps/focal_mosquitto: needs-triage34esm-apps/focal_mosquitto: not-affected (code not present)
31hirsute_mosquitto: not-affected (2.0.10-3)35hirsute_mosquitto: not-affected (2.0.10-3)
32impish_mosquitto: not-affected36impish_mosquitto: not-affected
33jammy_mosquitto: not-affected37jammy_mosquitto: not-affected (2.0.11-1ubuntu1)
34esm-apps/jammy_mosquitto: not-affected38esm-apps/jammy_mosquitto: not-affected (2.0.11-1ubuntu1)
35kinetic_mosquitto: not-affected39kinetic_mosquitto: not-affected
36lunar_mosquitto: not-affected40lunar_mosquitto: not-affected (2.0.11-1.2)
37mantic_mosquitto: not-affected41mantic_mosquitto: not-affected (2.0.18-1)
38devel_mosquitto: not-affected42devel_mosquitto: not-affected (2.0.18-1)
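Review bot: "upstream_mosquitto: released (2.0.8-1)" is left with a packaging revision, whereas the upstream entries touched elsewhere in this merge use plain upstream versions, and CVE-2023-5632 is corrected from "released (2.0.7-1)" to "released (2.0.6)". For consistency with the note above (versions <= 2.0.7 affected), consider "released (2.0.8)" here as well.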
diff --git a/active/CVE-2021-34434 b/active/CVE-2021-34434
index 318e38e..2b99f90 100644
--- a/active/CVE-2021-34434
+++ b/active/CVE-2021-34434
@@ -13,27 +13,27 @@ Notes:
13Mitigation:13Mitigation:
14Bugs:14Bugs:
15Priority: medium15Priority: medium
16Discovered-by:16Discovered-by: Zhanxiang Song
17Assigned-to: gianz17Assigned-to: gianz
18CVSS:18CVSS:
19 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]19 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]
2020
2121
22Patches_mosquitto:22Patches_mosquitto:
23upstream_mosquitto: needs-triage23upstream_mosquitto: released (2.0.12)
24trusty_mosquitto: ignored (end of standard support)24trusty_mosquitto: ignored (end of standard support)
25trusty/esm_mosquitto: needs-triage25trusty/esm_mosquitto: not-affected (code not present)
26xenial_mosquitto: ignored (end of standard support)26xenial_mosquitto: ignored (end of standard support)
27esm-apps/xenial_mosquitto: needs-triage27esm-apps/xenial_mosquitto: not-affected (code not present)
28bionic_mosquitto: ignored (end of standard support, was needs-triage)28bionic_mosquitto: ignored (end of standard support, was needs-triage)
29esm-apps/bionic_mosquitto: needs-triage29esm-apps/bionic_mosquitto: not-affected (code not present)
30focal_mosquitto: needs-triage30focal_mosquitto: not-affected (code not present)
31esm-apps/focal_mosquitto: needs-triage31esm-apps/focal_mosquitto: not-affected (code not present)
32hirsute_mosquitto: ignored (end of life)32hirsute_mosquitto: ignored (end of life)
33impish_mosquitto: ignored (end of life)33impish_mosquitto: ignored (end of life)
34jammy_mosquitto: needs-triage34jammy_mosquitto: needed
35esm-apps/jammy_mosquitto: needs-triage35esm-apps/jammy_mosquitto: needed
36kinetic_mosquitto: ignored (end of life, was needs-triage)36kinetic_mosquitto: ignored (end of life, was needs-triage)
37lunar_mosquitto: needs-triage37lunar_mosquitto: needed
38mantic_mosquitto: needs-triage38mantic_mosquitto: not-affected (2.0.18-1)
39devel_mosquitto: needs-triage39devel_mosquitto: not-affected (2.0.18-1)
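Review bot: "Patches_mosquitto:" stays empty even though jammy, esm-apps/jammy and lunar are now marked "needed". CVE-2021-28166 and CVE-2021-34431 both gained an "upstream:" patch reference in this merge; adding the upstream fix reference for 2.0.12 here would save whoever prepares the update from locating it again.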
diff --git a/active/CVE-2021-41039 b/active/CVE-2021-41039
index 4d62d6e..94d63fb 100644
--- a/active/CVE-2021-41039
+++ b/active/CVE-2021-41039
@@ -13,27 +13,27 @@ Notes:
13Mitigation:13Mitigation:
14Bugs:14Bugs:
15Priority: medium15Priority: medium
16Discovered-by:16Discovered-by: Zhanxiang Song, Bin Yuan, DeQing Zou, Hai Jin
17Assigned-to: gianz17Assigned-to: gianz
18CVSS:18CVSS:
19 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]19 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
2020
2121
22Patches_mosquitto:22Patches_mosquitto:
23upstream_mosquitto: needs-triage23upstream_mosquitto: released (2.0.12)
24trusty/esm_mosquitto: needs-triage24trusty/esm_mosquitto: not-affected (code not present)
25trusty_mosquitto: ignored (end of standard support)25trusty_mosquitto: ignored (end of standard support)
26xenial_mosquitto: ignored (end of standard support)26xenial_mosquitto: ignored (end of standard support)
27esm-apps/xenial_mosquitto: needs-triage27esm-apps/xenial_mosquitto: not-affected (code-not-present)
28bionic_mosquitto: ignored (end of standard support, was needs-triage)28bionic_mosquitto: ignored (end of standard support, was needs-triage)
29esm-apps/bionic_mosquitto: needs-triage29esm-apps/bionic_mosquitto: not-affected (code-not-present)
30focal_mosquitto: needs-triage30focal_mosquitto: needed
31esm-apps/focal_mosquitto: needs-triage31esm-apps/focal_mosquitto: needed
32hirsute_mosquitto: ignored (end of life)32hirsute_mosquitto: ignored (end of life)
33impish_mosquitto: ignored (end of life)33impish_mosquitto: ignored (end of life)
34jammy_mosquitto: needs-triage34jammy_mosquitto: needed
35esm-apps/jammy_mosquitto: needs-triage35esm-apps/jammy_mosquitto: needed
36kinetic_mosquitto: ignored (end of life, was needs-triage)36kinetic_mosquitto: ignored (end of life, was needs-triage)
37lunar_mosquitto: needs-triage37lunar_mosquitto: not-affected (2.0.11-1.2)
38mantic_mosquitto: needs-triage38mantic_mosquitto: not-affected (2.0.18-1)
39devel_mosquitto: needs-triage39devel_mosquitto: not-affected (2.0.18-1)
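Review bot: "lunar_mosquitto: not-affected (2.0.11-1.2)" conflicts with the rest of this file, where upstream is "released (2.0.12)" and jammy at 2.0.11-1ubuntu1 is "needed". CVE-2021-34434, also fixed upstream in 2.0.12, marks lunar as "needed". If 2.0.11-1.2 carries a backport of the fix, a note saying so would explain the status; otherwise lunar should be "needed". Separately, the reason is spelled "code not present" on the trusty/esm line and "code-not-present" on the xenial and bionic lines; pick one form.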
diff --git a/active/CVE-2023-0809 b/active/CVE-2023-0809
index f901e17..854eccf 100644
--- a/active/CVE-2023-0809
+++ b/active/CVE-2023-0809
@@ -11,23 +11,23 @@ Notes:
11Mitigation:11Mitigation:
12Bugs:12Bugs:
13Priority: medium13Priority: medium
14Discovered-by:14Discovered-by: Zhengjie Du
15Assigned-to: gianz15Assigned-to: gianz
16CVSS:16CVSS:
17 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM]17 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM]
1818
19Patches_mosquitto:19Patches_mosquitto:
20upstream_mosquitto: needs-triage20upstream_mosquitto: released (2.0.16)
21trusty_mosquitto: ignored (end of standard support)21trusty_mosquitto: ignored (end of standard support)
22trusty/esm_mosquitto: needs-triage22trusty/esm_mosquitto: not-affected (code-not-present)
23xenial_mosquitto: ignored (end of standard support)23xenial_mosquitto: ignored (end of standard support)
24esm-apps/xenial_mosquitto: needs-triage24esm-apps/xenial_mosquitto: not-affected (code-not-present)
25bionic_mosquitto: ignored (end of standard support)25bionic_mosquitto: ignored (end of standard support)
26esm-apps/bionic_mosquitto: needs-triage26esm-apps/bionic_mosquitto: not-affected (code-not-present)
27focal_mosquitto: needs-triage27focal_mosquitto: needed
28esm-apps/focal_mosquitto: needs-triage28esm-apps/focal_mosquitto: needed
29jammy_mosquitto: needs-triage29jammy_mosquitto: needed
30esm-apps/jammy_mosquitto: needs-triage30esm-apps/jammy_mosquitto: needed
31lunar_mosquitto: needs-triage31lunar_mosquitto: needed
32mantic_mosquitto: needs-triage32mantic_mosquitto: not-affected (2.0.18-1)
33devel_mosquitto: needs-triage33devel_mosquitto: not-affected (2.0.18-1)
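Review bot: the split between "esm-apps/bionic_mosquitto: not-affected (code-not-present)" and "focal_mosquitto: needed" is not explained by any note in this change. Recording the upstream version that introduced the affected code in a "gianz>" note would justify the boundary, and an "upstream:" reference under the empty "Patches_mosquitto:" would help with the five releases now marked "needed".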
diff --git a/active/CVE-2023-28366 b/active/CVE-2023-28366
index 1779dc6..31d6115 100644
--- a/active/CVE-2023-28366
+++ b/active/CVE-2023-28366
@@ -15,26 +15,28 @@ Description:
15 function.15 function.
16Ubuntu-Description:16Ubuntu-Description:
17Notes:17Notes:
18 gianz> Memory leak requiring refactoring of core functions to be fixed.
19 gianz> Applying the patches to versions < 2.0.0 is likely to cause regressions.
18Mitigation:20Mitigation:
19Bugs:21Bugs:
20Priority: medium22Priority: medium
21Discovered-by:23Discovered-by: Mischa Bachmann
22Assigned-to: gianz24Assigned-to: gianz
23CVSS:25CVSS:
24 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]26 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
2527
26Patches_mosquitto:28Patches_mosquitto:
27upstream_mosquitto: needs-triage29upstream_mosquitto: released (2.0.16)
28trusty_mosquitto: ignored (end of standard support)30trusty_mosquitto: ignored (end of standard support)
29trusty/esm_mosquitto: needs-triage31trusty/esm_mosquitto: not-affected (code-not-present)
30xenial_mosquitto: ignored (end of standard support)32xenial_mosquitto: ignored (end of standard support)
31esm-apps/xenial_mosquitto: needs-triage33esm-apps/xenial_mosquitto: ignored (backporting risks regressions)
32bionic_mosquitto: ignored (end of standard support)34bionic_mosquitto: ignored (end of standard support)
33esm-apps/bionic_mosquitto: needs-triage35esm-apps/bionic_mosquitto: ignored (backporting risks regressions)
34focal_mosquitto: needs-triage36focal_mosquitto: ignored (backporting risks regressions)
35esm-apps/focal_mosquitto: needs-triage37esm-apps/focal_mosquitto: ignored (backporting risks regressions)
36jammy_mosquitto: needs-triage38jammy_mosquitto: needed
37esm-apps/jammy_mosquitto: needs-triage39esm-apps/jammy_mosquitto: needed
38lunar_mosquitto: needs-triage40lunar_mosquitto: needed
39mantic_mosquitto: needs-triage41mantic_mosquitto: not-affected (2.0.18-1)
40devel_mosquitto: needs-triage42devel_mosquitto: not-affected (2.0.18-1)
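Review bot: "Mitigation:" remains empty while esm-apps/xenial, esm-apps/bionic, focal and esm-apps/focal are set to "ignored (backporting risks regressions)" for an issue NVD scores 7.5 HIGH. If any configuration-level mitigation is known, this is the place to record it, since these releases will not receive a fix. The note could also state which patches were evaluated, so the regression risk can be reassessed later.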
diff --git a/active/CVE-2023-3592 b/active/CVE-2023-3592
index f91290d..345f181 100644
--- a/active/CVE-2023-3592
+++ b/active/CVE-2023-3592
@@ -18,17 +18,17 @@ CVSS:
18 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]18 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
1919
20Patches_mosquitto:20Patches_mosquitto:
21upstream_mosquitto: needs-triage21upstream_mosquitto: released (2.0.16)
22trusty_mosquitto: ignored (end of standard support)22trusty_mosquitto: ignored (end of standard support)
23trusty/esm_mosquitto: needs-triage23trusty/esm_mosquitto: not-affected (code-not-present)
24xenial_mosquitto: ignored (end of standard support)24xenial_mosquitto: ignored (end of standard support)
25esm-apps/xenial_mosquitto: needs-triage25esm-apps/xenial_mosquitto: not-affected (code-not-present)
26bionic_mosquitto: ignored (end of standard support)26bionic_mosquitto: ignored (end of standard support)
27esm-apps/bionic_mosquitto: needs-triage27esm-apps/bionic_mosquitto: not-affected (code-not-present)
28focal_mosquitto: needs-triage28focal_mosquitto: needed
29esm-apps/focal_mosquitto: needs-triage29esm-apps/focal_mosquitto: needed
30jammy_mosquitto: needs-triage30jammy_mosquitto: needed
31esm-apps/jammy_mosquitto: needs-triage31esm-apps/jammy_mosquitto: needed
32lunar_mosquitto: needs-triage32lunar_mosquitto: needed
33mantic_mosquitto: needs-triage33mantic_mosquitto: not-affected (2.0.18-1)
34devel_mosquitto: needs-triage34devel_mosquitto: not-affected (2.0.18-1)
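Review bot: focal, jammy and lunar (and their esm-apps entries) move to "needed" but "Patches_mosquitto:" has no "upstream:" reference for the 2.0.16 fix. Adding the commit or bug link, as done for CVE-2021-34431, would make the pending work actionable.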
diff --git a/active/CVE-2023-5632 b/active/CVE-2023-5632
index d009dbb..1d372d3 100644
--- a/active/CVE-2023-5632
+++ b/active/CVE-2023-5632
@@ -13,26 +13,27 @@ Description:
13 fixed in 2.0.613 fixed in 2.0.6
14Ubuntu-Description:14Ubuntu-Description:
15Notes:15Notes:
16 gianz> Tested in Focal and below. Unable to reproduce the bug.
16Mitigation:17Mitigation:
17Bugs:18Bugs:
18Priority: medium19Priority: medium
19Discovered-by:20Discovered-by: Przemybsław Zygmunt
20Assigned-to: gianz21Assigned-to: gianz
21CVSS:22CVSS:
22 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]23 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
2324
24Patches_mosquitto:25Patches_mosquitto:
25upstream_mosquitto: released (2.0.7-1)26upstream_mosquitto: released (2.0.6)
26trusty_mosquitto: ignored (end of standard support)27trusty_mosquitto: ignored (end of standard support)
27trusty/esm_mosquitto: needs-triage28trusty/esm_mosquitto: not-affected (code-not-present)
28xenial_mosquitto: ignored (end of standard support)29xenial_mosquitto: ignored (end of standard support)
29esm-apps/xenial_mosquitto: needs-triage30esm-apps/xenial_mosquitto: not-affected (code-not-present)
30bionic_mosquitto: ignored (end of standard support)31bionic_mosquitto: ignored (end of standard support)
31esm-apps/bionic_mosquitto: needs-triage32esm-apps/bionic_mosquitto: not-affected (code-not-present)
32focal_mosquitto: needs-triage33focal_mosquitto: not-affected (code-not-present)
33esm-apps/focal_mosquitto: needs-triage34esm-apps/focal_mosquitto: not-affected (code-not-present)
34jammy_mosquitto: not-affected (2.0.11-1ubuntu1)35jammy_mosquitto: not-affected (2.0.11-1ubuntu1)
35esm-apps/jammy_mosquitto: not-affected36esm-apps/jammy_mosquitto: not-affected (2.0.11-1ubuntu1)
36lunar_mosquitto: not-affected37lunar_mosquitto: not-affected (2.0.11-1.2)
37mantic_mosquitto: not-affected38mantic_mosquitto: not-affected (2.0.18-1)
38devel_mosquitto: not-affected39devel_mosquitto: not-affected (2.0.18-1)
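Review bot: the reason "code-not-present" on the trusty/esm through esm-apps/focal lines is not what the added note supports. The note says "Tested in Focal and below. Unable to reproduce the bug.", which is a test result rather than evidence that the code is absent. Either state in the note that the affected code does not exist in those versions, or use a reason that matches the evidence. Also, "Discovered-by: Przemybsław Zygmunt" looks like a misspelling of the given name; please check it against the upstream advisory.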
