Merge ~gianz/ubuntu-cve-tracker:mosquitto_cves into ubuntu-cve-tracker:master
Proposed by
Giampaolo Fresi Roglia
Status: | Merged |
---|---|
Merged at revision: | b0bf512858af8a807b922df7edf6e1935877999a |
Proposed branch: | ~gianz/ubuntu-cve-tracker:mosquitto_cves |
Merge into: | ubuntu-cve-tracker:master |
Diff against target: | 384 lines (+114/-105), 9 files modified: active/CVE-2021-28166 (+12/-11), active/CVE-2021-34431 (+14/-13), active/CVE-2021-34432 (+15/-11), active/CVE-2021-34434 (+12/-12), active/CVE-2021-41039 (+12/-12), active/CVE-2023-0809 (+12/-12), active/CVE-2023-28366 (+14/-12), active/CVE-2023-3592 (+11/-11), active/CVE-2023-5632 (+12/-11) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Eduardo Barretto | Approve | ||
Review via email: mp+455959@code.launchpad.net |
Commit message
Push triage results for mosquitto
Description of the change
Preview Diff
1 | diff --git a/active/CVE-2021-28166 b/active/CVE-2021-28166 | |||
2 | index a9b185d..2636d4d 100644 | |||
3 | --- a/active/CVE-2021-28166 | |||
4 | +++ b/active/CVE-2021-28166 | |||
5 | @@ -20,22 +20,23 @@ CVSS: | |||
6 | 20 | 20 | ||
7 | 21 | 21 | ||
8 | 22 | Patches_mosquitto: | 22 | Patches_mosquitto: |
10 | 23 | upstream_mosquitto: needs-triage | 23 | upstream: https://bugs.eclipse.org/bugs/attachment.cgi?id=286040&action=diff |
11 | 24 | upstream_mosquitto: released (2.0.10) | ||
12 | 24 | precise/esm_mosquitto: DNE | 25 | precise/esm_mosquitto: DNE |
13 | 25 | trusty_mosquitto: ignored (end of standard support) | 26 | trusty_mosquitto: ignored (end of standard support) |
15 | 26 | trusty/esm_mosquitto: needs-triage | 27 | trusty/esm_mosquitto: not-affected (code not present) |
16 | 27 | xenial_mosquitto: ignored (end of standard support, was needs-triage) | 28 | xenial_mosquitto: ignored (end of standard support, was needs-triage) |
18 | 28 | esm-apps/xenial_mosquitto: needs-triage | 29 | esm-apps/xenial_mosquitto: not-affected (code not present) |
19 | 29 | bionic_mosquitto: ignored (end of standard support, was needs-triage) | 30 | bionic_mosquitto: ignored (end of standard support, was needs-triage) |
23 | 30 | esm-apps/bionic_mosquitto: needs-triage | 31 | esm-apps/bionic_mosquitto: not-affected (code not present) |
24 | 31 | focal_mosquitto: needs-triage | 32 | focal_mosquitto: not-affected (code not present) |
25 | 32 | esm-apps/focal_mosquitto: needs-triage | 33 | esm-apps/focal_mosquitto: not-affected (code not present) |
26 | 33 | groovy_mosquitto: ignored (end of life) | 34 | groovy_mosquitto: ignored (end of life) |
27 | 34 | hirsute_mosquitto: ignored (end of life) | 35 | hirsute_mosquitto: ignored (end of life) |
28 | 35 | impish_mosquitto: ignored (end of life) | 36 | impish_mosquitto: ignored (end of life) |
31 | 36 | jammy_mosquitto: needs-triage | 37 | jammy_mosquitto: not-affected (2.0.11-1ubuntu1) |
32 | 37 | esm-apps/jammy_mosquitto: needs-triage | 38 | esm-apps/jammy_mosquitto: not-affected (2.0.11-1ubuntu1) |
33 | 38 | kinetic_mosquitto: ignored (end of life, was needs-triage) | 39 | kinetic_mosquitto: ignored (end of life, was needs-triage) |
37 | 39 | lunar_mosquitto: needs-triage | 40 | lunar_mosquitto: not-affected (2.0.11-1.2) |
38 | 40 | mantic_mosquitto: needs-triage | 41 | mantic_mosquitto: not-affected (2.0.18-1) |
39 | 41 | devel_mosquitto: needs-triage | 42 | devel_mosquitto: not-affected (2.0.18-1) |
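Review bot: The new Patches_mosquitto entry points at a Bugzilla attachment view (attachment.cgi?id=286040&action=diff) rather than a commit. Since upstream_mosquitto is now "released (2.0.10)", linking the commit that landed in that release, as active/CVE-2021-34431 does with its GitHub commit URL, would give backporters a reference tied to the released code; the attachment link can stay as a second entry if it is the only public copy of the fix.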
40 | diff --git a/active/CVE-2021-34431 b/active/CVE-2021-34431 | |||
41 | index 16d3408..45c5cd9 100644 | |||
42 | --- a/active/CVE-2021-34431 | |||
43 | +++ b/active/CVE-2021-34431 | |||
44 | @@ -13,28 +13,29 @@ Notes: | |||
45 | 13 | Mitigation: | 13 | Mitigation: |
46 | 14 | Bugs: | 14 | Bugs: |
47 | 15 | Priority: medium | 15 | Priority: medium |
49 | 16 | Discovered-by: | 16 | Discovered-by: Kathrin Kleinhammer |
50 | 17 | Assigned-to: gianz | 17 | Assigned-to: gianz |
51 | 18 | CVSS: | 18 | CVSS: |
52 | 19 | nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM] | 19 | nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM] |
53 | 20 | 20 | ||
54 | 21 | 21 | ||
55 | 22 | Patches_mosquitto: | 22 | Patches_mosquitto: |
59 | 23 | upstream_mosquitto: needs-triage | 23 | upstream: https://github.com/eclipse/mosquitto/commit/42163634c72d41a1f12d299f54e00adf14520eb2 |
60 | 24 | trusty_mosquitto: ignored (end of standard support) | 24 | upstream_mosquitto: released (2.0.11) |
61 | 25 | trusty/esm_mosquitto: needs-triage | 25 | trusty_mosquitto: ignored |
62 | 26 | trusty/esm_mosquitto: not-affected (code not present) | ||
63 | 26 | xenial_mosquitto: ignored (end of standard support) | 27 | xenial_mosquitto: ignored (end of standard support) |
65 | 27 | esm-apps/xenial_mosquitto: needs-triage | 28 | esm-apps/xenial_mosquitto: not-affected (code not present) |
66 | 28 | bionic_mosquitto: ignored (end of standard support, was needs-triage) | 29 | bionic_mosquitto: ignored (end of standard support, was needs-triage) |
70 | 29 | esm-apps/bionic_mosquitto: needs-triage | 30 | esm-apps/bionic_mosquitto: not-affected (code not present) |
71 | 30 | focal_mosquitto: needs-triage | 31 | focal_mosquitto: needed |
72 | 31 | esm-apps/focal_mosquitto: needs-triage | 32 | esm-apps/focal_mosquitto: needed |
73 | 32 | groovy_mosquitto: ignored (end of life) | 33 | groovy_mosquitto: ignored (end of life) |
74 | 33 | hirsute_mosquitto: ignored (end of life) | 34 | hirsute_mosquitto: ignored (end of life) |
75 | 34 | impish_mosquitto: ignored (end of life) | 35 | impish_mosquitto: ignored (end of life) |
78 | 35 | jammy_mosquitto: needs-triage | 36 | jammy_mosquitto: not-affected (2.0.11-1ubuntu1) |
79 | 36 | esm-apps/jammy_mosquitto: needs-triage | 37 | esm-apps/jammy_mosquitto: not-affected (2.0.11-1ubuntu1) |
80 | 37 | kinetic_mosquitto: ignored (end of life, was needs-triage) | 38 | kinetic_mosquitto: ignored (end of life, was needs-triage) |
84 | 38 | lunar_mosquitto: needs-triage | 39 | lunar_mosquitto: not-affected (2.0.11-1.2) |
85 | 39 | mantic_mosquitto: needs-triage | 40 | mantic_mosquitto: not-affected (2.0.18-1) |
86 | 40 | devel_mosquitto: needs-triage | 41 | devel_mosquitto: not-affected (2.0.18-1) |
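Review bot: trusty_mosquitto loses its reason in this hunk: the old line was "trusty_mosquitto: ignored (end of standard support)" and the new one is a bare "trusty_mosquitto: ignored". Every other file in this merge keeps the parenthesised reason for trusty, so this looks like an accidental edit made while inserting the upstream lines; restore "(end of standard support)".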
87 | diff --git a/active/CVE-2021-34432 b/active/CVE-2021-34432 | |||
88 | index 044b53e..74c015e 100644 | |||
89 | --- a/active/CVE-2021-34432 | |||
90 | +++ b/active/CVE-2021-34432 | |||
91 | @@ -9,10 +9,14 @@ Description: | |||
92 | 9 | the client tries to send a PUBLISH packet with topic length = 0. | 9 | the client tries to send a PUBLISH packet with topic length = 0. |
93 | 10 | Ubuntu-Description: | 10 | Ubuntu-Description: |
94 | 11 | Notes: | 11 | Notes: |
95 | 12 | gianz> PoC: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141 (first message) | ||
96 | 13 | gianz> The CVE indicates versions <= 2.0.7 as affected. | ||
97 | 14 | gianz> However only versions >= 2.0.0 and <= 2.0.7 are vulnerable. | ||
98 | 15 | gianz> No crash detected running the PoC against any previous version we support. | ||
99 | 12 | Mitigation: | 16 | Mitigation: |
100 | 13 | Bugs: | 17 | Bugs: |
101 | 14 | Priority: medium | 18 | Priority: medium |
103 | 15 | Discovered-by: | 19 | Discovered-by: Bryan Pearson |
104 | 16 | Assigned-to: gianz | 20 | Assigned-to: gianz |
105 | 17 | CVSS: | 21 | CVSS: |
106 | 18 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] | 22 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] |
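Review bot: The added note "No crash detected running the PoC against any previous version we support" does not say which package versions or releases were tested, so the result cannot be re-checked later. List the versions the PoC was run against, and if the lower bound of 2.0.0 also comes from reading the source, say so, since a PoC that does not crash is weaker evidence than confirming the affected code is absent.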
107 | @@ -21,18 +25,18 @@ CVSS: | |||
108 | 21 | Patches_mosquitto: | 25 | Patches_mosquitto: |
109 | 22 | upstream_mosquitto: released (2.0.8-1) | 26 | upstream_mosquitto: released (2.0.8-1) |
110 | 23 | trusty_mosquitto: ignored (end of standard support) | 27 | trusty_mosquitto: ignored (end of standard support) |
112 | 24 | trusty/esm_mosquitto: needs-triage | 28 | trusty/esm_mosquitto: not-affected (code not present) |
113 | 25 | xenial_mosquitto: ignored (end of standard support) | 29 | xenial_mosquitto: ignored (end of standard support) |
115 | 26 | esm-apps/xenial_mosquitto: needs-triage | 30 | esm-apps/xenial_mosquitto: not-affected (code not present) |
116 | 27 | bionic_mosquitto: ignored (end of standard support, was needs-triage) | 31 | bionic_mosquitto: ignored (end of standard support, was needs-triage) |
120 | 28 | esm-apps/bionic_mosquitto: needs-triage | 32 | esm-apps/bionic_mosquitto: not-affected (code not present) |
121 | 29 | focal_mosquitto: needs-triage | 33 | focal_mosquitto: not-affected (code not present) |
122 | 30 | esm-apps/focal_mosquitto: needs-triage | 34 | esm-apps/focal_mosquitto: not-affected (code not present) |
123 | 31 | hirsute_mosquitto: not-affected (2.0.10-3) | 35 | hirsute_mosquitto: not-affected (2.0.10-3) |
124 | 32 | impish_mosquitto: not-affected | 36 | impish_mosquitto: not-affected |
127 | 33 | jammy_mosquitto: not-affected | 37 | jammy_mosquitto: not-affected (2.0.11-1ubuntu1) |
128 | 34 | esm-apps/jammy_mosquitto: not-affected | 38 | esm-apps/jammy_mosquitto: not-affected (2.0.11-1ubuntu1) |
129 | 35 | kinetic_mosquitto: not-affected | 39 | kinetic_mosquitto: not-affected |
133 | 36 | lunar_mosquitto: not-affected | 40 | lunar_mosquitto: not-affected (2.0.11-1.2) |
134 | 37 | mantic_mosquitto: not-affected | 41 | mantic_mosquitto: not-affected (2.0.18-1) |
135 | 38 | devel_mosquitto: not-affected | 42 | devel_mosquitto: not-affected (2.0.18-1) |
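Review bot: upstream_mosquitto stays at "released (2.0.8-1)", which is a packaging revision rather than an upstream version. The other files in this merge use plain upstream versions (2.0.10, 2.0.11, 2.0.12, 2.0.16), and active/CVE-2023-5632 changes the same pattern from 2.0.7-1 to 2.0.6, so this line should probably become "released (2.0.8)". impish_mosquitto and kinetic_mosquitto also remain a bare "not-affected" while the neighbouring releases gain a version.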
136 | diff --git a/active/CVE-2021-34434 b/active/CVE-2021-34434 | |||
137 | index 318e38e..2b99f90 100644 | |||
138 | --- a/active/CVE-2021-34434 | |||
139 | +++ b/active/CVE-2021-34434 | |||
140 | @@ -13,27 +13,27 @@ Notes: | |||
141 | 13 | Mitigation: | 13 | Mitigation: |
142 | 14 | Bugs: | 14 | Bugs: |
143 | 15 | Priority: medium | 15 | Priority: medium |
145 | 16 | Discovered-by: | 16 | Discovered-by: Zhanxiang Song |
146 | 17 | Assigned-to: gianz | 17 | Assigned-to: gianz |
147 | 18 | CVSS: | 18 | CVSS: |
148 | 19 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM] | 19 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM] |
149 | 20 | 20 | ||
150 | 21 | 21 | ||
151 | 22 | Patches_mosquitto: | 22 | Patches_mosquitto: |
153 | 23 | upstream_mosquitto: needs-triage | 23 | upstream_mosquitto: released (2.0.12) |
154 | 24 | trusty_mosquitto: ignored (end of standard support) | 24 | trusty_mosquitto: ignored (end of standard support) |
156 | 25 | trusty/esm_mosquitto: needs-triage | 25 | trusty/esm_mosquitto: not-affected (code not present) |
157 | 26 | xenial_mosquitto: ignored (end of standard support) | 26 | xenial_mosquitto: ignored (end of standard support) |
159 | 27 | esm-apps/xenial_mosquitto: needs-triage | 27 | esm-apps/xenial_mosquitto: not-affected (code not present) |
160 | 28 | bionic_mosquitto: ignored (end of standard support, was needs-triage) | 28 | bionic_mosquitto: ignored (end of standard support, was needs-triage) |
164 | 29 | esm-apps/bionic_mosquitto: needs-triage | 29 | esm-apps/bionic_mosquitto: not-affected (code not present) |
165 | 30 | focal_mosquitto: needs-triage | 30 | focal_mosquitto: not-affected (code not present) |
166 | 31 | esm-apps/focal_mosquitto: needs-triage | 31 | esm-apps/focal_mosquitto: not-affected (code not present) |
167 | 32 | hirsute_mosquitto: ignored (end of life) | 32 | hirsute_mosquitto: ignored (end of life) |
168 | 33 | impish_mosquitto: ignored (end of life) | 33 | impish_mosquitto: ignored (end of life) |
171 | 34 | jammy_mosquitto: needs-triage | 34 | jammy_mosquitto: needed |
172 | 35 | esm-apps/jammy_mosquitto: needs-triage | 35 | esm-apps/jammy_mosquitto: needed |
173 | 36 | kinetic_mosquitto: ignored (end of life, was needs-triage) | 36 | kinetic_mosquitto: ignored (end of life, was needs-triage) |
177 | 37 | lunar_mosquitto: needs-triage | 37 | lunar_mosquitto: needed |
178 | 38 | mantic_mosquitto: needs-triage | 38 | mantic_mosquitto: not-affected (2.0.18-1) |
179 | 39 | devel_mosquitto: needs-triage | 39 | devel_mosquitto: not-affected (2.0.18-1) |
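Review bot: Patches_mosquitto gets no upstream patch reference here even though jammy, esm-apps/jammy and lunar move to "needed". With upstream_mosquitto set to "released (2.0.12)", add an "upstream:" line with the fixing commit, as done in active/CVE-2021-34431, so the person preparing the updates does not have to repeat the search.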
180 | diff --git a/active/CVE-2021-41039 b/active/CVE-2021-41039 | |||
181 | index 4d62d6e..94d63fb 100644 | |||
182 | --- a/active/CVE-2021-41039 | |||
183 | +++ b/active/CVE-2021-41039 | |||
184 | @@ -13,27 +13,27 @@ Notes: | |||
185 | 13 | Mitigation: | 13 | Mitigation: |
186 | 14 | Bugs: | 14 | Bugs: |
187 | 15 | Priority: medium | 15 | Priority: medium |
189 | 16 | Discovered-by: | 16 | Discovered-by: Zhanxiang Song, Bin Yuan, DeQing Zou, Hai Jin |
190 | 17 | Assigned-to: gianz | 17 | Assigned-to: gianz |
191 | 18 | CVSS: | 18 | CVSS: |
192 | 19 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] | 19 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] |
193 | 20 | 20 | ||
194 | 21 | 21 | ||
195 | 22 | Patches_mosquitto: | 22 | Patches_mosquitto: |
198 | 23 | upstream_mosquitto: needs-triage | 23 | upstream_mosquitto: released (2.0.12) |
199 | 24 | trusty/esm_mosquitto: needs-triage | 24 | trusty/esm_mosquitto: not-affected (code not present) |
200 | 25 | trusty_mosquitto: ignored (end of standard support) | 25 | trusty_mosquitto: ignored (end of standard support) |
201 | 26 | xenial_mosquitto: ignored (end of standard support) | 26 | xenial_mosquitto: ignored (end of standard support) |
203 | 27 | esm-apps/xenial_mosquitto: needs-triage | 27 | esm-apps/xenial_mosquitto: not-affected (code-not-present) |
204 | 28 | bionic_mosquitto: ignored (end of standard support, was needs-triage) | 28 | bionic_mosquitto: ignored (end of standard support, was needs-triage) |
208 | 29 | esm-apps/bionic_mosquitto: needs-triage | 29 | esm-apps/bionic_mosquitto: not-affected (code-not-present) |
209 | 30 | focal_mosquitto: needs-triage | 30 | focal_mosquitto: needed |
210 | 31 | esm-apps/focal_mosquitto: needs-triage | 31 | esm-apps/focal_mosquitto: needed |
211 | 32 | hirsute_mosquitto: ignored (end of life) | 32 | hirsute_mosquitto: ignored (end of life) |
212 | 33 | impish_mosquitto: ignored (end of life) | 33 | impish_mosquitto: ignored (end of life) |
215 | 34 | jammy_mosquitto: needs-triage | 34 | jammy_mosquitto: needed |
216 | 35 | esm-apps/jammy_mosquitto: needs-triage | 35 | esm-apps/jammy_mosquitto: needed |
217 | 36 | kinetic_mosquitto: ignored (end of life, was needs-triage) | 36 | kinetic_mosquitto: ignored (end of life, was needs-triage) |
221 | 37 | lunar_mosquitto: needs-triage | 37 | lunar_mosquitto: not-affected (2.0.11-1.2) |
222 | 38 | mantic_mosquitto: needs-triage | 38 | mantic_mosquitto: not-affected (2.0.18-1) |
223 | 39 | devel_mosquitto: needs-triage | 39 | devel_mosquitto: not-affected (2.0.18-1) |
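Review bot: lunar_mosquitto is set to "not-affected (2.0.11-1.2)" while upstream_mosquitto is "released (2.0.12)" and jammy at 2.0.11-1ubuntu1 is "needed"; active/CVE-2021-34434, fixed in the same upstream release, marks lunar "needed". If 2.0.11-1.2 carries a backported fix for this CVE, say so in Notes; otherwise lunar should be "needed". The reason string is also spelled two ways in this hunk: "(code not present)" for trusty/esm and "(code-not-present)" for esm-apps/xenial and esm-apps/bionic.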
224 | diff --git a/active/CVE-2023-0809 b/active/CVE-2023-0809 | |||
225 | index f901e17..854eccf 100644 | |||
226 | --- a/active/CVE-2023-0809 | |||
227 | +++ b/active/CVE-2023-0809 | |||
228 | @@ -11,23 +11,23 @@ Notes: | |||
229 | 11 | Mitigation: | 11 | Mitigation: |
230 | 12 | Bugs: | 12 | Bugs: |
231 | 13 | Priority: medium | 13 | Priority: medium |
233 | 14 | Discovered-by: | 14 | Discovered-by: Zhengjie Du |
234 | 15 | Assigned-to: gianz | 15 | Assigned-to: gianz |
235 | 16 | CVSS: | 16 | CVSS: |
236 | 17 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM] | 17 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L [5.3 MEDIUM] |
237 | 18 | 18 | ||
238 | 19 | Patches_mosquitto: | 19 | Patches_mosquitto: |
240 | 20 | upstream_mosquitto: needs-triage | 20 | upstream_mosquitto: released (2.0.16) |
241 | 21 | trusty_mosquitto: ignored (end of standard support) | 21 | trusty_mosquitto: ignored (end of standard support) |
243 | 22 | trusty/esm_mosquitto: needs-triage | 22 | trusty/esm_mosquitto: not-affected (code-not-present) |
244 | 23 | xenial_mosquitto: ignored (end of standard support) | 23 | xenial_mosquitto: ignored (end of standard support) |
246 | 24 | esm-apps/xenial_mosquitto: needs-triage | 24 | esm-apps/xenial_mosquitto: not-affected (code-not-present) |
247 | 25 | bionic_mosquitto: ignored (end of standard support) | 25 | bionic_mosquitto: ignored (end of standard support) |
256 | 26 | esm-apps/bionic_mosquitto: needs-triage | 26 | esm-apps/bionic_mosquitto: not-affected (code-not-present) |
257 | 27 | focal_mosquitto: needs-triage | 27 | focal_mosquitto: needed |
258 | 28 | esm-apps/focal_mosquitto: needs-triage | 28 | esm-apps/focal_mosquitto: needed |
259 | 29 | jammy_mosquitto: needs-triage | 29 | jammy_mosquitto: needed |
260 | 30 | esm-apps/jammy_mosquitto: needs-triage | 30 | esm-apps/jammy_mosquitto: needed |
261 | 31 | lunar_mosquitto: needs-triage | 31 | lunar_mosquitto: needed |
262 | 32 | mantic_mosquitto: needs-triage | 32 | mantic_mosquitto: not-affected (2.0.18-1) |
263 | 33 | devel_mosquitto: needs-triage | 33 | devel_mosquitto: not-affected (2.0.18-1) |
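Review bot: The reason on the three ESM lines is written "(code-not-present)", while the first four files in this merge use "(code not present)". Pick one spelling across the merge so that a text search over active/ for either form finds every entry.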
264 | diff --git a/active/CVE-2023-28366 b/active/CVE-2023-28366 | |||
265 | index 1779dc6..31d6115 100644 | |||
266 | --- a/active/CVE-2023-28366 | |||
267 | +++ b/active/CVE-2023-28366 | |||
268 | @@ -15,26 +15,28 @@ Description: | |||
269 | 15 | function. | 15 | function. |
270 | 16 | Ubuntu-Description: | 16 | Ubuntu-Description: |
271 | 17 | Notes: | 17 | Notes: |
272 | 18 | gianz> Memory leak requiring refactoring of core functions to be fixed. | ||
273 | 19 | gianz> Applying the patches to versions < 2.0.0 is likely to cause regressions. | ||
274 | 18 | Mitigation: | 20 | Mitigation: |
275 | 19 | Bugs: | 21 | Bugs: |
276 | 20 | Priority: medium | 22 | Priority: medium |
278 | 21 | Discovered-by: | 23 | Discovered-by: Mischa Bachmann |
279 | 22 | Assigned-to: gianz | 24 | Assigned-to: gianz |
280 | 23 | CVSS: | 25 | CVSS: |
281 | 24 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] | 26 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] |
282 | 25 | 27 | ||
283 | 26 | Patches_mosquitto: | 28 | Patches_mosquitto: |
285 | 27 | upstream_mosquitto: needs-triage | 29 | upstream_mosquitto: released (2.0.16) |
286 | 28 | trusty_mosquitto: ignored (end of standard support) | 30 | trusty_mosquitto: ignored (end of standard support) |
288 | 29 | trusty/esm_mosquitto: needs-triage | 31 | trusty/esm_mosquitto: not-affected (code-not-present) |
289 | 30 | xenial_mosquitto: ignored (end of standard support) | 32 | xenial_mosquitto: ignored (end of standard support) |
291 | 31 | esm-apps/xenial_mosquitto: needs-triage | 33 | esm-apps/xenial_mosquitto: ignored (backporting risks regressions) |
292 | 32 | bionic_mosquitto: ignored (end of standard support) | 34 | bionic_mosquitto: ignored (end of standard support) |
301 | 33 | esm-apps/bionic_mosquitto: needs-triage | 35 | esm-apps/bionic_mosquitto: ignored (backporting risks regressions) |
302 | 34 | focal_mosquitto: needs-triage | 36 | focal_mosquitto: ignored (backporting risks regressions) |
303 | 35 | esm-apps/focal_mosquitto: needs-triage | 37 | esm-apps/focal_mosquitto: ignored (backporting risks regressions) |
304 | 36 | jammy_mosquitto: needs-triage | 38 | jammy_mosquitto: needed |
305 | 37 | esm-apps/jammy_mosquitto: needs-triage | 39 | esm-apps/jammy_mosquitto: needed |
306 | 38 | lunar_mosquitto: needs-triage | 40 | lunar_mosquitto: needed |
307 | 39 | mantic_mosquitto: needs-triage | 41 | mantic_mosquitto: not-affected (2.0.18-1) |
308 | 40 | devel_mosquitto: needs-triage | 42 | devel_mosquitto: not-affected (2.0.18-1) |
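Review bot: Four releases (esm-apps/xenial, esm-apps/bionic, focal, esm-apps/focal) are closed as "ignored (backporting risks regressions)" for an issue NVD scores 7.5 HIGH, and the Mitigation field in the same hunk is still empty. Since those releases stay affected, record in Mitigation or Notes what an operator can do instead, or state why the memory leak is acceptable there. The note also gives "versions < 2.0.0" as the boundary without saying which releases ship such versions, which makes the focal decision hard to verify from this file alone.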
309 | diff --git a/active/CVE-2023-3592 b/active/CVE-2023-3592 | |||
310 | index f91290d..345f181 100644 | |||
311 | --- a/active/CVE-2023-3592 | |||
312 | +++ b/active/CVE-2023-3592 | |||
313 | @@ -18,17 +18,17 @@ CVSS: | |||
314 | 18 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] | 18 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] |
315 | 19 | 19 | ||
316 | 20 | Patches_mosquitto: | 20 | Patches_mosquitto: |
318 | 21 | upstream_mosquitto: needs-triage | 21 | upstream_mosquitto: released (2.0.16) |
319 | 22 | trusty_mosquitto: ignored (end of standard support) | 22 | trusty_mosquitto: ignored (end of standard support) |
321 | 23 | trusty/esm_mosquitto: needs-triage | 23 | trusty/esm_mosquitto: not-affected (code-not-present) |
322 | 24 | xenial_mosquitto: ignored (end of standard support) | 24 | xenial_mosquitto: ignored (end of standard support) |
324 | 25 | esm-apps/xenial_mosquitto: needs-triage | 25 | esm-apps/xenial_mosquitto: not-affected (code-not-present) |
325 | 26 | bionic_mosquitto: ignored (end of standard support) | 26 | bionic_mosquitto: ignored (end of standard support) |
334 | 27 | esm-apps/bionic_mosquitto: needs-triage | 27 | esm-apps/bionic_mosquitto: not-affected (code-not-present) |
335 | 28 | focal_mosquitto: needs-triage | 28 | focal_mosquitto: needed |
336 | 29 | esm-apps/focal_mosquitto: needs-triage | 29 | esm-apps/focal_mosquitto: needed |
337 | 30 | jammy_mosquitto: needs-triage | 30 | jammy_mosquitto: needed |
338 | 31 | esm-apps/jammy_mosquitto: needs-triage | 31 | esm-apps/jammy_mosquitto: needed |
339 | 32 | lunar_mosquitto: needs-triage | 32 | lunar_mosquitto: needed |
340 | 33 | mantic_mosquitto: needs-triage | 33 | mantic_mosquitto: not-affected (2.0.18-1) |
341 | 34 | devel_mosquitto: needs-triage | 34 | devel_mosquitto: not-affected (2.0.18-1) |
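Review bot: focal, jammy and lunar become "needed" while all three ESM releases become "not-affected (code-not-present)", but this file's only hunk starts at the CVSS block, so no Notes entry is added to say which version introduced the affected code. A one-line note like those added to active/CVE-2021-34432 would let a later reader confirm the split between "code-not-present" and "needed".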
342 | diff --git a/active/CVE-2023-5632 b/active/CVE-2023-5632 | |||
343 | index d009dbb..1d372d3 100644 | |||
344 | --- a/active/CVE-2023-5632 | |||
345 | +++ b/active/CVE-2023-5632 | |||
346 | @@ -13,26 +13,27 @@ Description: | |||
347 | 13 | fixed in 2.0.6 | 13 | fixed in 2.0.6 |
348 | 14 | Ubuntu-Description: | 14 | Ubuntu-Description: |
349 | 15 | Notes: | 15 | Notes: |
350 | 16 | gianz> Tested in Focal and below. Unable to reproduce the bug. | ||
351 | 16 | Mitigation: | 17 | Mitigation: |
352 | 17 | Bugs: | 18 | Bugs: |
353 | 18 | Priority: medium | 19 | Priority: medium |
355 | 19 | Discovered-by: | 20 | Discovered-by: Przemybsław Zygmunt |
356 | 20 | Assigned-to: gianz | 21 | Assigned-to: gianz |
357 | 21 | CVSS: | 22 | CVSS: |
358 | 22 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] | 23 | nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] |
359 | 23 | 24 | ||
360 | 24 | Patches_mosquitto: | 25 | Patches_mosquitto: |
362 | 25 | upstream_mosquitto: released (2.0.7-1) | 26 | upstream_mosquitto: released (2.0.6) |
363 | 26 | trusty_mosquitto: ignored (end of standard support) | 27 | trusty_mosquitto: ignored (end of standard support) |
365 | 27 | trusty/esm_mosquitto: needs-triage | 28 | trusty/esm_mosquitto: not-affected (code-not-present) |
366 | 28 | xenial_mosquitto: ignored (end of standard support) | 29 | xenial_mosquitto: ignored (end of standard support) |
368 | 29 | esm-apps/xenial_mosquitto: needs-triage | 30 | esm-apps/xenial_mosquitto: not-affected (code-not-present) |
369 | 30 | bionic_mosquitto: ignored (end of standard support) | 31 | bionic_mosquitto: ignored (end of standard support) |
373 | 31 | esm-apps/bionic_mosquitto: needs-triage | 32 | esm-apps/bionic_mosquitto: not-affected (code-not-present) |
374 | 32 | focal_mosquitto: needs-triage | 33 | focal_mosquitto: not-affected (code-not-present) |
375 | 33 | esm-apps/focal_mosquitto: needs-triage | 34 | esm-apps/focal_mosquitto: not-affected (code-not-present) |
376 | 34 | jammy_mosquitto: not-affected (2.0.11-1ubuntu1) | 35 | jammy_mosquitto: not-affected (2.0.11-1ubuntu1) |
381 | 35 | esm-apps/jammy_mosquitto: not-affected | 36 | esm-apps/jammy_mosquitto: not-affected (2.0.11-1ubuntu1) |
382 | 36 | lunar_mosquitto: not-affected | 37 | lunar_mosquitto: not-affected (2.0.11-1.2) |
383 | 37 | mantic_mosquitto: not-affected | 38 | mantic_mosquitto: not-affected (2.0.18-1) |
384 | 38 | devel_mosquitto: not-affected | 39 | devel_mosquitto: not-affected (2.0.18-1) |
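Review bot: The added note says "Tested in Focal and below. Unable to reproduce the bug", but the status lines for focal and the ESM releases give the reason as "(code-not-present)". Those are different claims: if the affected code was confirmed absent in the source, say that in the note; if the decision rests on the failed reproduction, the reason should reflect it. Also check the spelling of the name on the Discovered-by line ("Przemybsław").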
lgtm, thanks