mosquitto (0.15-2+deb7u3ubuntu0.1) trusty-security; urgency=medium

  * Merge from Debian. Remaining changes:
    - Install apparmor profile.
    - Replace init script with upstart script.

 -- Eduardo Barretto <eduardo.barretto@canonical.com>  Tue, 04 Sep 2018 16:54:44 -0300

mosquitto (0.15-2+deb7u3) wheezy-security; urgency=high

  * Non-maintainer upload by the Wheezy LTS Team.
  * CVE-2017-7651
    fix to avoid extraordinary memory consumption by crafted
    CONNECT packet from unauthenticated client
  * CVE-2017-7652
    in case all sockets/file descriptors are exhausted, this is a
    fix to avoid default config values after reloading configuration
    by SIGHUP signal
 
 -- Thorsten Alteholz <debian@alteholz.de>  Sat, 31 Mar 2018 12:03:02 +0100

mosquitto (0.15-2+deb7u2) wheezy-security; urgency=high

  * SECURITY UPDATE: Persistence file is world readable, which may expose
    sensitive data.
    - debian/patches/mosquitto-0.15_cve-2017-9868.patch: Set umask to
      restrict persistence file read access to owner.
    - CVE-2017-9868

 -- Roger A. Light <roger@atchoo.org>  Mon, 26 Jun 2017 09:31:02 +0100

mosquitto (0.15-2+deb7u1) wheezy-security; urgency=high

  * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
    set to '+' or '#'.
    - debian/patches/mosquitto-1.3.4_cve-2017-7650.patch: Reject send/receive
      of messages to/from clients with a '+', '#' or '/' in their
      username/client id.
    - CVE-2017-7650

 -- Roger A. Light <roger@atchoo.org>  Tue, 23 May 2017 22:14:40 +0100

mosquitto (0.15-2ubuntu1.2) trusty-security; urgency=low

  * SECURITY UPDATE: Persistence file is world readable, which may expose
    sensitive data (LP: #1700490).
    - debian/patches/mosquitto-1.3.4_cve-2017-9868.patch: Set umask to
      restrict persistence file read access to owner.
    - CVE-2017-9868

 -- Roger A. Light <roger@atchoo.org>  Mon, 26 Jun 2017 09:31:02 +0100

mosquitto (0.15-2ubuntu1.1) trusty-security; urgency=low

  * SECURITY UPDATE: Pattern ACL can be bypassed by using a username/client id
    set to '+' or '#' (LP: #1692818).
    - debian/patches/mosquitto-0.15_cve-2017-7650.patch: Reject send/receive
      of messages to/from clients with a '+', '#' or '/' in their
      username/client id.
    - CVE-2017-7650

 -- Roger A. Light <roger@atchoo.org>  Tue, 23 May 2017 22:14:40 +0100

mosquitto (0.15-2ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Install apparmor profile.
    - Replace init script with upstart script.
  * debian/patches/fix-972389.patch: Drop, as it was applied in Debian as
    bug-proto-number.patch.

 -- Logan Rosen <logan@ubuntu.com>  Fri, 23 Aug 2013 15:09:02 -0400

mosquitto (0.15-2) unstable; urgency=low

  * Fix broker crash when a client connects with a bad protocol version.
    (Closes: #696889)
  * Fix the possibility of topic access being granted when only acl_patterns
    is in use. (Closes: #696895)
  * Fix persistence option reloading. (Closes: #696891)

 -- Roger A. Light <roger@atchoo.org>  Fri, 28 Dec 2012 22:55:03 +0000

mosquitto (0.15-1) unstable; urgency=low

  * New upstream release: http://mosquitto.org/2012/02/version-0-15-released/
  * Updated debian/copyright to latest DEP-5.
  * Removed now unnecessary man-hyphen-minus.patch.

 -- Roger A. Light <roger@atchoo.org>  Sun, 05 Feb 2012 09:30:22 +0000

mosquitto (0.15-0ubuntu2) raring; urgency=low

  * Fix server crash on incorrect protocol number. (LP: #972389)

 -- Roger A. Light <roger@atchoo.org>  Thu, 16 Aug 2012 16:30:34 +0100

mosquitto (0.15-0ubuntu1) precise; urgency=low

  * New upstream release. (LP: #928556)
  * Install apparmor profile. (LP: #836005)
  * Replace init script with upstart script. (LP: #817175)
  * Update debian/copyright to latest format.

 -- Roger A. Light <roger@atchoo.org>  Tue, 07 Feb 2012 23:21:39 +0000

mosquitto (0.12-1) unstable; urgency=low

  * New upstream release: http://mosquitto.org/2011/07/version-0-12-released/

 -- Roger A. Light <roger@atchoo.org>  Mon, 25 Jul 2011 22:24:52 +0100

mosquitto (0.11.3-1) unstable; urgency=low

  * New upstream release: http://mosquitto.org/2011/07/version-0-11-3-released/
  * Fix init script start action to create pidfile so stop works correctly.
    (thanks to Mark Hindess, closes: #632589)
  * Fix section for client libraries in debian/control.
  * Remove disable-cmake.patch, this is handled in debian/rules now.

 -- Roger A. Light <roger@atchoo.org>  Wed, 6 July 2011 15:07:04 +0100

mosquitto (0.10-1) unstable; urgency=low

  * Initial release. (Closes: #605319)

 -- Roger A. Light <roger@atchoo.org>  Sun, 1 May 2011 20:12:51 +0100
