Candidate: CVE-2017-9868
PublicDate: 2017-06-25 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9868
 https://github.com/eclipse/mosquitto/issues/468
Description:
 In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is
 world readable, which allows local users to obtain sensitive MQTT topic
 information.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865959
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]

Patches_mosquitto:
upstream_mosquitto: released (1.4.14-1)
precise/esm_mosquitto: DNE
trusty_mosquitto: released (0.15-2ubuntu1.2)
trusty/esm_mosquitto: released (0.15-2ubuntu1.2)
vivid/ubuntu-core_mosquitto: DNE
xenial_mosquitto: released (1.4.8-1ubuntu0.16.04.2)
yakkety_mosquitto: ignored (reached end-of-life)
zesty_mosquitto: released (1.4.10-2ubuntu0.2)
artful_mosquitto: ignored (reached end-of-life)
bionic_mosquitto: not-affected (1.4.15-1)
devel_mosquitto: not-affected (1.4.15-1)