mosquitto - MQTT version 3.1/3.1.1 compatible message broker

Property Value
Distribution Ubuntu 19.04 (Disco Dingo)
Repository Ubuntu Universe amd64
Package filename mosquitto_1.5.7-1_amd64.deb
Package name mosquitto
Package version 1.5.7
Package release 1
Package architecture amd64
Package type deb
Category universe/net
License -
Maintainer Ubuntu Developers <>
Download size 127.12 KB
Installed size 359.00 KB
This is a message broker that supports version 3.1 and 3.1.1 of the MQTT
MQTT provides a method of carrying out messaging using a publish/subscribe
model. It is lightweight, both in terms of bandwidth usage and ease of
implementation. This makes it particularly useful at the edge of the network
where a sensor or other simple device may be implemented using an arduino for


Package Version Architecture Repository
mosquitto_1.5.7-1ubuntu0.1_amd64.deb 1.5.7 amd64 Ubuntu Updates Universe
mosquitto_1.5.7-1ubuntu0.1_i386.deb 1.5.7 i386 Ubuntu Updates Universe
mosquitto_1.5.7-1_i386.deb 1.5.7 i386 Ubuntu Universe
mosquitto - - -


Name Value
adduser >= 3.10
libc6 >= 2.14
libssl1.1 >= 1.1.0
libsystemd0 -
libuuid1 >= 2.16
libwebsockets8 >= 1.6.0
libwrap0 >= 7.6-4~
lsb-base >= 4.1+Debian3


Type URL
Binary Package mosquitto_1.5.7-1_amd64.deb
Source Package mosquitto

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install mosquitto deb package:
    # sudo apt-get install mosquitto




2019-02-18 - Roger A. Light <>
mosquitto (1.5.7-1) unstable; urgency=medium
* New upstream release.
* Remove fix-step3.patch, fixed upstream.
* bug-1162.patch: fix bug with clients being disconnected in some situations
when ACLs are in use.
2019-02-07 - Roger A. Light <>
mosquitto (1.5.6-1) unstable; urgency=medium
* SECURITY UPDATE: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be treated as
valid. This typically means that the malformed data becomes a username and
no password. If this occurs, clients can circumvent authentication and get
access to the broker by using the malformed username. In particular, a blank
line will be treated as a valid empty username. Other security measures are
unaffected. Users who have only used the mosquitto_passwd utility to create
and modify their password files are unaffected by this vulnerability.
- debian/patches/mosquitto-1.4.x-cve-2018-12551.patch: this fix introduces
more stringent parsing tests on the password file data.
- CVE-2018-12551
* SECURITY UPDATE: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined, which
means that no topic access is denied. Although denying access to all
topics is not a useful configuration, this behaviour is unexpected and
could lead to access being incorrectly granted in some circumstances.
- debian/patches/mosquitto-1.4.x-cve-2018-12550.patch: this fix ensures
that if an ACL file is defined but no rules are defined, then access will
be denied.
- CVE-2018-12550
* SECURITY UPDATE: If a client publishes a retained message to a topic that
they have access to, and then their access to that topic is revoked, the
retained message will still be delivered to future subscribers. This
behaviour may be undesirable in some applications, so a configuration
option `check_retain_source` has been introduced to enforce checking of
the retained message source on publish.
- debian/patches/mosquitto-1.4.8-cve-2018-12546.patch: this patch stores
the originator of the retained message, so security checking can be
carried out before re-publishing. The complexity of the patch is due to
the need to save this information across broker restarts.
- CVE-2018-12546
* New upstream release.
* Bump standards version to 4.3.0, no changes needed.
* fix-step3.patch: fix compilation error.
2018-12-22 - Andreas Henriksson <>
mosquitto (1.5.5-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Only chown mosquitto.log if it exists. (Closes: #916558)
2018-12-11 - Roger A. Light <>
mosquitto (1.5.5-1) unstable; urgency=medium
* SECURITY UPDATE: If the option `per_listener_settings` was set to true,
and the default listener was in use, and the default listener specified an
`acl_file`, then the acl file was being ignored. This affects version 1.5
to 1.5.4 inclusive.
* New upstream release.
2018-11-25 - Roger A. Light <>
mosquitto (1.5.4-2) unstable; urgency=medium
* debian/patches/914525.patch : Use pkg-config to get systemd libs
(Closes: #914525)
- This is needed to allow compilation on non-Linux systems.
* Fix FTCBFS: Let dh_auto_build pass cross tools to make. Thanks to Helmut
Grohne. (Closes: #914593)
* Ensure log files are owned by mosquitto. (Closes: #877346)

See Also

Package Description
most_5.0.0a-4_amd64.deb Pager program similar to more and less
mothur_1.41.21-1_amd64.deb sequence analysis suite for research on microbiota
motion_4.1.1-1.1build1_amd64.deb V4L capture program supporting motion detection
mountpy_0.8.1build1_amd64.deb script for quick mounting of removable devices
mousepad_0.4.1-2_amd64.deb simple Xfce oriented text editor
mousetrap_1.0c-2_amd64.deb Simple game of ball chasing
movim_0.14.1-1_all.deb decentralized social network fully based on XMPP
mozc-utils-gui_2.23.2815.102+dfsg-2ubuntu1_amd64.deb GUI utilities of the Mozc input method
mozilla-devscripts_0.53_all.deb Development scripts used by Mozilla's addons packages
mozo_1.20.2-1_all.deb easy MATE menu editing tool
mp3blaster_3.2.6-1build1_amd64.deb Full-screen console mp3 and Ogg Vorbis player
mp3burn_0.4.2-2.2_all.deb burn audio CDs directly from MP3, Ogg Vorbis, or FLAC files
mp3cd_1.27.0-3_all.deb Burns normalized audio CDs from lists of MP3s/WAVs/Oggs/FLACs
mp3check_0.8.7-3_amd64.deb tool to check mp3 files for consistency
mp3info-gtk_0.8.5a-1build3_amd64.deb MP3 info viewer and ID3 1.x tag editor -- GTK+ version