In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if a client's ability to make subscriptions on a topic is revoked while that durable client is offline, then the existing subscriptions for that client are not revoked.
[
  {
    "vendor": "The Eclipse Foundation",
    "product": "Eclipse Mosquitto",
    "versions": [
      {
        "version": "2.0",
        "status": "affected",
        "lessThan": "unspecified",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "2.0.11",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
bugs.eclipse.org/bugs/show_bug.cgi?id=575324
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4WWGVF5BUFPYPCFUPPP4KRIYI5OTJN2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLUUM52Y6AEICPXPSRRXC6OBY4H5XKW7/
www.debian.org/security/2023/dsa-5511