libmosquittopp1_1.4.8-1ubuntu0.16.04.7_amd64.deb


Advertisement

Description

libmosquittopp1 - MQTT version 3.1/3.1.1 client C++ library

Property Value
Distribution Ubuntu 16.04 LTS (Xenial Xerus)
Repository Ubuntu Updates Universe amd64
Package filename libmosquittopp1_1.4.8-1ubuntu0.16.04.7_amd64.deb
Package name libmosquittopp1
Package version 1.4.8
Package release 1ubuntu0.16.04.7
Package architecture amd64
Package type deb
Category universe/libs
Homepage http://mosquitto.org/
License -
Maintainer Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Download size 10.70 KB
Installed size 70.00 KB
This is a C++ library for implementing MQTT version 3.1/3.1.1 clients.
MQTT provides a method of carrying out messaging using a publish/subscribe
model. It is lightweight, both in terms of bandwidth usage and ease of
implementation. This makes it particularly useful at the edge of the network
where a sensor or other simple device may be implemented using an arduino for
example.

Alternatives

Package Version Architecture Repository
libmosquittopp1_1.4.8-1ubuntu0.16.04.7_i386.deb 1.4.8 i386 Ubuntu Updates Universe
libmosquittopp1_1.4.8-1build1_i386.deb 1.4.8 i386 Ubuntu Universe
libmosquittopp1_1.4.8-1build1_amd64.deb 1.4.8 amd64 Ubuntu Universe
libmosquittopp1 - - -

Requires

Name Value
libmosquitto1 = 1.4.8-1ubuntu0.16.04.7
libstdc++6 >= 4.1.1

Download

Type URL
Mirror archive.ubuntu.com
Binary Package libmosquittopp1_1.4.8-1ubuntu0.16.04.7_amd64.deb
Source Package mosquitto

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install libmosquittopp1 deb package:
    # sudo apt-get install libmosquittopp1

Files

Path
/usr/lib/x86_64-linux-gnu/libmosquittopp.so.1
/usr/share/doc/libmosquittopp1/changelog.Debian.gz
/usr/share/doc/libmosquittopp1/copyright

Changelog

2019-06-18 - Eduardo Barretto <eduardo.barretto@canonical.com>
mosquitto (1.4.8-1ubuntu0.16.04.7) xenial-security; urgency=medium
* SECURITY UPDATE: DoS (client disconnect) via invalid UTF-8 strings
- debian/patches/add-validate-utf8.patch: Add validate UTF-8
- debian/patches/CVE-2017-7653.patch: Add UTF-8 tests, plus some validation
fixes
- CVE-2017-7653
* SECURITY UPDATE: Memory leak in the Mosquitto Broker allows unauthenticated
clients to send crafted CONNECT packets which could cause DoS
- debian/patches/CVE-2017-7654.patch: Fix memory leak that could be caused
by a malicious CONNECT packet
- CVE-2017-7654
2019-02-13 - Roger A. Light <roger@atchoo.org>
mosquitto (1.4.8-1ubuntu0.16.04.6) xenial-security; urgency=medium
* Fix regression in update for CVE-2018-12546.
2019-02-06 - Roger A. Light <roger@atchoo.org>
mosquitto (1.4.8-1ubuntu0.16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and
no password. If this occurs, clients can circumvent authentication and get
access to the broker by using the malformed username. In particular, a blank
line will be treated as a valid empty username. Other security measures are
unaffected. Users who have only used the mosquitto_passwd utility to create
and modify their password files are unaffected by this vulnerability.
- debian/patches/mosquitto-1.4.x-cve-2018-12551.patch: this fix introduces
more stringent parsing tests on the password file data.
- CVE-2018-12551
* SECURITY UPDATE: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied. Although denying access to all
topics is not a useful configuration, this behaviour is unexpected and
could lead to access being incorrectly granted in some circumstances.
- debian/patches/mosquitto-1.4.x-cve-2018-12550.patch: this fix ensures
that if an ACL file is defined but no rules are defined, then access will
be denied.
- CVE-2018-12550
* SECURITY UPDATE: If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers. This
behaviour may be undesirable in some applications, so a configuration
option `check_retain_source` has been introduced to enforce checking of
the retained message source on publish.
- debian/patches/mosquitto-1.4.8-cve-2018-12546.patch: this patch stores
the originator of the retained message, so security checking can be
carried out before re-publishing. The complexity of the patch is due to
the need to save this information across broker restarts.
- CVE-2018-12546
2018-09-05 - Eduardo Barretto <eduardo.barretto@canonical.com>
mosquitto (1.4.8-1ubuntu0.16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: in case all sockets/file descriptors are exhausted,
then opening the configuration file will fail.
- debian/patches/mosquitto-1.4.x_cve-2017-7652.patch: this is a fix
to avoid default config values after reloading configuration by
SIGHUP signal.
- CVE-2017-7652
2018-03-01 - Emmet Hikory <persia@ubuntu.com>
mosquitto (1.4.8-1ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: upstream patch for CVE 2017-7651 (LP: #1752591)
2017-06-26 - Roger A. Light <roger@atchoo.org>
mosquitto (1.4.8-1ubuntu0.16.04.2) xenial-security; urgency=low
* SECURITY UPDATE: Persistence file is world readable, which may expose
sensitive data (LP: #1700490).
- debian/patches/mosquitto-1.4.x_cve-2017-9868.patch: Set umask to
restrict persistence file read access to owner.
- CVE-2017-9868

See Also

Package Description
libmozjs-24-0v5_24.2.0-3ubuntu2.1_amd64.deb Spidermonkey JavaScript engine
libmozjs-24-bin_24.2.0-3ubuntu2.1_amd64.deb Spidermonkey JavaScript shell
libmozjs-24-dev_24.2.0-3ubuntu2.1_amd64.deb Spidermonkey JavaScript library - development headers
libmpg123-0_1.22.4-1ubuntu0.1_amd64.deb MPEG layer 1/2/3 audio decoder (shared library)
libmpg123-dev_1.22.4-1ubuntu0.1_amd64.deb MPEG layer 1/2/3 audio decoder (development files)
libmunge-dev_0.5.11-3ubuntu0.1_amd64.deb authentication service for credential -- development package
libmunge2_0.5.11-3ubuntu0.1_amd64.deb authentication service for credential -- library package
libmwaw-tools_0.3.7-1ubuntu2.1_amd64.deb import library for some old Mac text documents -- tools
libn32atomic1-dbg-mips-cross_5.4.0-6ubuntu1~16.04.9cross1_all.deb support library providing __atomic built-in functions (n32 debug symbols)
libn32atomic1-dbg-mips64-cross_5.4.0-6ubuntu1~16.04.9cross1_all.deb support library providing __atomic built-in functions (n32 debug symbols)
libn32atomic1-dbg-mips64el-cross_5.4.0-6ubuntu1~16.04.9cross1_all.deb support library providing __atomic built-in functions (n32 debug symbols)
libn32atomic1-dbg-mipsel-cross_5.4.0-6ubuntu1~16.04.9cross1_all.deb support library providing __atomic built-in functions (n32 debug symbols)
libn32atomic1-mips-cross_5.4.0-6ubuntu1~16.04.9cross1_all.deb support library providing __atomic built-in functions (n32)
libn32atomic1-mips64-cross_5.4.0-6ubuntu1~16.04.9cross1_all.deb support library providing __atomic built-in functions (n32)
libn32atomic1-mips64el-cross_5.4.0-6ubuntu1~16.04.9cross1_all.deb support library providing __atomic built-in functions (n32)
Advertisement
Advertisement