CVE-2021-41039: In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b445ab1bfd4a8221c697e535885f17c0a7b36853 commit b445ab1bfd4a8221c697e535885f17c0a7b36853 Author: Matt Turner <mattst88@gentoo.org> AuthorDate: 2021-12-02 01:43:03 +0000 Commit: Matt Turner <mattst88@gentoo.org> CommitDate: 2021-12-02 01:43:33 +0000 app-misc/mosquitto: Drop old Bug: https://bugs.gentoo.org/827962 Signed-off-by: Matt Turner <mattst88@gentoo.org> app-misc/mosquitto/Manifest | 3 - ...2.0.11-Fix-installation-using-WITH_TLS-no.patch | 29 ----- app-misc/mosquitto/mosquitto-1.6.15.ebuild | 114 ------------------ app-misc/mosquitto/mosquitto-2.0.11.ebuild | 128 --------------------- app-misc/mosquitto/mosquitto-2.0.13.ebuild | 122 -------------------- 5 files changed, 396 deletions(-)
Thank you! Low impact so no GLSA, closing.