Philippe Coval uploaded new packages for mosquitto which fixed the
following security problems:
CVE-2024-8376
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
For the bookworm-backports distribution the problems have been fixed in
version 2.0.20-1~bpo12+1.