I'm a libbson maintainer, and I believe this is only a minor bug, not
a grave vulnerability.
The bug is triggered when libbson reads BSON data corrupted in a
specific manner. The faulty logic will read up to 4 bytes past the end
of a buffer.
This is not a grave vulnerability for two reasons. Firs
forward unix sockets as well.
>
> So there are use cases for such requirements. Also interesting would be
> to have no-network variant of MongoDB server that works only through
> local sockets.
>
>
> On 08.09.2018 19:13, A. Jesse Jiryu Davis wrote:
> > Hi Dmitriy, libmongo
Hi Dmitriy, libmongoc uses libssl and libcrypto for a variety of
purposes, not just for TLS-encrypted network connections. It uses
libcrypto for authentication with a password-protected MongoDB server,
and to generate the tokens used in transactions. Besides,
TLS-encrypted network connections are n
Hi, I'm the upstream author of Motor. Motor is 2.0 now and its tests
work with PyMongo 3.7.1 in my testing systems. I've only been testing
the latest Motor against recent PyMongo versions; I haven't tested
older Motor with the latest PyMongo. Does Motor 2.0's test suite pass
with the PyMongo 3.7.1
It looks like this package should depend on python3-pymongo.
forwarded https://jira.mongodb.org/browse/CDRIVER-2325
Thanks, we'll fix for 1.8.1.
forwarded https://jira.mongodb.org/browse/CDRIVER-2286
forward: https://jira.mongodb.org/browse/CDRIVER-2286
Here's a patch from Kevin Albertson that applies the fix to libbson 1.4.2.
0001-CDRIVER-2269-Check-for-zero-string-length-in-codewsc.patch
Thanks, we've diagnosed the bug and we're tracking the fix in
https://jira.mongodb.org/browse/CDRIVER-2269 . We'll release the fix
in libbson 1.8.0 next week.
On Sat, Sep 9, 2017 at 11:36 AM, Salvatore Bonaccorso wrote:
> Some debugging information:
>
> ===
Thanks for the patch and sorry for the bug, we'll fix this in the next
couple weeks.
Thanks Radovan. I plan to upload 1.6.1 to Debian soon (via my sponsor
Roberto Sanchez) so let's do that instead of backporting.
Thanks, that's useful info! Roberto Sanchez and I logged into a MIPS
machine on Tuesday and we found corroborating evidence which I wrote
up in the forwarded ticket:
https://jira.mongodb.org/browse/CDRIVER-2053
The problem is, the test suite starts hundreds of threads. I think the
solution is to r
Thanks Andreas, you're right. We'll submit 1.4.2 with the fix promptly.
On Wed, Oct 26, 2016 at 6:34 PM, Andreas Beckmann wrote:
> Control: reopen -1
>
> On Wed, 12 Oct 2016 22:00:26 -0400 "A. Jesse Jiryu Davis" <
> je...@mongodb.com> wrote:
> > V
Thanks, as with Bug#831659 for the dependent library libmongoc, I've
filed this upstream here:
https://jira.mongodb.org/browse/CDRIVER-1399
It's fixed in upstream and will be released in the next couple of weeks
as libbson 1.4.0 and libmongoc 1.4.0, and re-uploaded to Debian.
On Wed, Aug 3, 2016 a
Thanks, I'll take a look right away.
I've filed this upstream here:
https://jira.mongodb.org/browse/CDRIVER-1399
Thanks for the patch! I intend to apply it to libmongoc and its dependency
libbson, which has the same reproducibility issue as libmongoc. We'll
release the fix with the upstream 1.4 package and upload to Debian then, at
Thanks; we're tracking this in the upstream bug tracker here:
https://jira.mongodb.org/browse/CDRIVER-1066
On Sun, Jun 26, 2016 at 6:22 AM, Kurt Roeckx wrote:
> Source: libmongoc
> Version: 1.3.5-1
> Severity: important
> Control: block 827061 by -1
>
> Hi,
>
> OpenSSL 1.1.0 is about to be released
Thanks; I'm fixing the upcoming libbson upstream release 1.4.0 to prefix
all our man pages with "bson_", so "clock.3" will be "bson_clock.3".
That'll be released in a month or two and we'll update the Debian package.
On Wed, May 18, 2016 at 2:33 AM, Ralf Treinen wrote:
> Hi,
>
> libbson-doc also
I've opened a libmongoc bug to fix the man page names in the source repo:
https://jira.mongodb.org/browse/CDRIVER-1077
(I'm using a single issue in MongoDB's bug tracker for both the
libbson and libmongoc work.)
I've opened a libbson bug to fix the man page names in the source repo:
https://jira.mongodb.org/browse/CDRIVER-1077
Hi Laszlo, our intent at MongoDB is to work with a consultant, Roberto
Sanchez, to create and maintain the libbson package ourselves. Same for
libmongoc, the actual MongoDB C Driver, which depends on libbson.
We've put some effort into this package ourselves now. I'm very sorry to
hear about the d
Package: wnpp
Severity: wishlist
Owner: "A. Jesse Jiryu Davis"
* Package name: libmongoc
Version : 1.3.0
Upstream Author : A. Jesse Jiryu Davis
* URL : https://github.com/mongodb/mongo-c-driver
* License : Apache 2
Programming Lang: C
D
Package: wnpp
Severity: wishlist
Owner: "A. Jesse Jiryu Davis"
* Package name: libbson
Version : 1.3.0
Upstream Author : A. Jesse Jiryu Davis
* URL : https://github.com/mongodb/libbson
* License : Apache 2
Programming Lang: C
Description :