[3.8] mosquitto: Multiple vulnerabilities (CVE-2018-12546, CVE-2018-12550, CVE-2018-12551)| ID: oval:org.secpod.oval:def:1801514 | Date: (C)2019-07-22 (M)2022-08-17 |
| Class: PATCH | Family: unix |
CVE-2018-12546: If a client publishes a retained message to a topic that they have access to, and then their access to that topic is revoked, the retained message will still be delivered to future subscribers. This behaviour may be undesirable in some applications, so a configuration option check_retain_source has been introduced to enforce checking of the retained message source on publish
| Platform: |
| Alpine Linux 3.8 |
