{"id":"MGASA-2021-0445","summary":"Updated mosquitto packages fix security vulnerability","details":"Mosquitto is updated to 2.0.12 to fix security vulnerability:\n\nIn Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security\nplugin, if the ability for a client to make subscriptions on a topic is\nrevoked when a durable client is offline, then existing subscriptions for\nthat client are not revoked (CVE-2021-34434).\n","modified":"2026-04-16T00:09:55.665733914Z","published":"2021-09-29T17:22:22Z","upstream":["CVE-2021-34434"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0445.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29454"},{"type":"WEB","url":"https://mosquitto.org/blog/2021/08/version-2-0-12-released/"}],"affected":[{"package":{"name":"mosquitto","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/mosquitto?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.12-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0445.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}