Commits
Peter Korsgaard committed 6758d727502
mosquitto: security bump to version 1.4.15 Fixes CVE-2017-7651: Unauthenticated clients can send a crafted CONNECT packet which causes large amounts of memory use in the broker. If multiple clients do this, an out of memory situation can occur and the system may become unresponsive or the broker will be killed by the operating system. The fix addresses the problem by limiting the permissible size for CONNECT packet, and by adding a memory_limit configuration option that allows the broker to self limit the amount of memory it uses. The hash of new tarball is not (yet) available through download.php, so use a locally calculated hash. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit f4df4a18e5dd4702f842e61ee815f13afd93c366) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>