Hi Salvatore,
thank you for report. I've actually prepared new package, but currently
fighting with compilation as the V8 in debian is too old and using the
package is currently failing :(((
Antonin
* Salvatore Bonaccorso <car...@debian.org> [2013-07-18 08:59] wrote:
> Control: retitle -1 mongodb: CVE-2013-4142: databaseSpraying remote code
> execution
>
> Hi
>
> On Wed, Jul 17, 2013 at 04:37:30PM +0300, Henri Salo wrote:
> > Package: mongodb
> > Version: 1:2.4.3-1
> > Severity: important
> > Tags: security
> >
> > Information: http://blog.scrt.ch/2013/06/04/mongodb-rce-by-databasespraying/
> > CVE request: http://openwall.com/lists/oss-security/2013/07/17/2
> >
> > Please verify if Debian packages are affected and patch if needed. Please
> > contact me in case you need assistance.
>
> A CVE was assigned now for this issue, see [1]. Please include the CVE
> in your changelog when fixing the issue.
>
> [1] http://openwall.com/lists/oss-security/2013/07/18/2
>
> Regards,
> Salvatore
>
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
