DEBIAN-CVE-2024-10525

In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its onsubscribe callback. This affects the mosquittosub and mosquittorr clients...

Fedora 20 : gnupg-1.4.17-1.fc20 (2014-7676)

New upstream v1.4.17 - Avoid DoS due to garbled compressed data packets. - Screen keyserver reponses to avoid import of unwanted keys by rogue servers. - Add hash algorithms to the 'sig' records of the colon output. - More specific reason codes for INVRECP status. - Drop gpg.ru.1 Note that Tenabl...