Roberto C. Sánchez pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4795427c by Roberto C. Sánchez at 2025-04-18T16:29:43-04:00
add fix commits for mongo-c-driver CVES (CVE-2024-6383, CVE-2024-6381,
CVE-2023-0437
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -84293,6 +84293,8 @@ CVE-2024-6383 (The bson_string_append function in
MongoDB C Driver may be vulner
[bookworm] - mongo-c-driver <no-dsa> (Minor issue)
[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-5628
+ NOTE: Fixed by:
https://github.com/mongodb/mongo-c-driver/commit/1d642e461e7c0e26abe3a90c7bbac081ac4a0053
(1.28.0)
+ NOTE: Fixed by:
https://github.com/mongodb/mongo-c-driver/commit/7c34461863211be172e6317221d72e4429bed45e
(1.27.1)
CVE-2024-6284 (In https://github.com/google/nftables IP addresses were
encoded in th ...)
- golang-github-google-nftables 0.1.0-4 (bug #1071247)
[bookworm] - golang-github-google-nftables 0.1.0-4~deb12u1
@@ -84533,6 +84535,8 @@ CVE-2024-6381 (The bson_strfreev function in the
MongoDB C driver library may be
[bookworm] - mongo-c-driver <no-dsa> (Minor issue)
[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-5622
+ NOTE: Fixed by:
https://github.com/mongodb/mongo-c-driver/commit/361c2e669be1c41f9638530b3867f316e96692bb
(1.27.0)
+ NOTE: Fixed by:
https://github.com/mongodb/mongo-c-driver/commit/effd95c34ad421df94eec7c69236f0e4172552d0
(1.26.2)
CVE-2024-6341
REJECTED
CVE-2024-6264 (The Post Meta Data Manager plugin for WordPress is vulnerable
to Store ...)
@@ -194924,6 +194928,8 @@ CVE-2023-0437 (When calling bson_utf8_validateon some
inputs a loop with an exit
[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
[buster] - mongo-c-driver <ignored> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-4747
+ NOTE: Fixed by:
https://github.com/mongodb/mongo-c-driver/commit/fd3a978b35cac8f3c78c4d9a1b08fd5aa4d440b8
(1.25.0)
+ NOTE: Fixed by:
https://github.com/mongodb/mongo-c-driver/commit/be865dd759a28aa268232766f304d1bc11f1e8f7
(1.24.5)
CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may
print s ...)
NOT-FOR-US: MongoDB Atlas Kubernetes Operator
CVE-2022-48282 (Under very specific circumstances (see Required configuration
section ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4795427c60fde1103f6171873e940a2e0228a831
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4795427c60fde1103f6171873e940a2e0228a831
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
