Hi Ben Thank you for this information. Very good to know.
/ Ola Sent from a phone Den 8 aug 2016 23:29 skrev "Ben Hutchings" <b...@decadent.org.uk>: > On Mon, 2016-08-08 at 11:52 +0200, Ola Lundqvist wrote: > > Package : mongodb > > Version : 2.0.6-1+deb7u1 > > CVE ID : CVE-2016-6494 > > Debian Bug : 832908, 833087 > > > > Two security related problems have been found in the mongodb > > package, related to logging. > > > > CVE-2016-6494 > > World-readable .dbshell history file > > > > TEMP-0833087-C5410D > > Bruteforcable challenge responses in unprotected logfile > [...] > > This temporary ID is not stable and shouldn't be used in a DLA or DSA. > The Debian bug number, which you already included, is more useful. > > Ben. > > -- > Ben Hutchings > Beware of bugs in the above code; > I have only proved it correct, not tried it. - Donald Knuth >
