Philippe Coval uploaded new packages for mosquitto which fixed the
following security problems:

CVE-2024-8376

    In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.

For the bookworm-backports distribution the problems have been fixed in
version 2.0.20-1~bpo12+1.