Old security issue not fixed #1084
Comments
icraggs
added a commit
that referenced
this issue
Mar 22, 2021
|
Thanks for pointing this out. I thought I'd fixed the packet data handling previously but evidently not. I've added a fix now. The second part is not actually achievable in practise. |
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
May 27, 2021
Old security issue not fixed: eclipse/paho.mqtt.c#1084 https://github.com/eclipse/paho.mqtt.c/milestone/16?closed=1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
buildroot-auto-update
pushed a commit
to buildroot/buildroot
that referenced
this issue
Jun 9, 2021
Old security issue not fixed: eclipse/paho.mqtt.c#1084 https://github.com/eclipse/paho.mqtt.c/milestone/16?closed=1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 9dad1ef) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
While looking for public security issue for this library I found that there is no CVE assigned to it and actually no CPE (product identifier).
We can still find some evidence that there has been at least one security report, which was later disclosed.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=543626
https://bugzillaattachments.eclipsecontent.org/bugs/attachment.cgi?id=277237
While studying the security report, and the actual code in the mainline, I dont find any evidence that the issue is actually fixed.
There report actually describe two issues. Awaiting some more feedback before creating specific bugs.
The text was updated successfully, but these errors were encountered: