I'm a libbson maintainer, and I believe this is only a minor bug, not
a grave vulnerability.
The bug is triggered when libbson reads BSON data corrupted in a
specific manner. The faulty logic will read up to 4 bytes past the end
of a buffer.
This is not a grave vulnerability for two reasons. Firs
It looks like this package should depend on python3-pymongo.
forwarded https://jira.mongodb.org/browse/CDRIVER-2325
Thanks, we'll fix for 1.8.1.
Thanks Radovan. I plan to upload 1.6.1 to Debian soon (via my sponsor
Roberto Sanchez) so let's do that instead of backporting.
Thanks that's useful info! Roberto Sanchez and I logged into a MIPS
machine on Tuesday and we found corroborating evidence which I wrote
up in the forwarded ticket:
https://jira.mongodb.org/browse/CDRIVER-2053
The problem is, the test suite starts hundreds of threads. I think the
solution is to r
Thanks Andreas, you're right. We'll submit 1.4.2 with the fix promptly.
On Wed, Oct 26, 2016 at 6:34 PM, Andreas Beckmann wrote:
> Control: reopen -1
>
> On Wed, 12 Oct 2016 22:00:26 -0400 "A. Jesse Jiryu Davis" <
> je...@mongodb.com> wrote:
> > V
Thanks; I'm fixing the upcoming libbson upstream release 1.4.0 to prefix
all our man pages with "bson_", so "clock.3" will be "bson_clock.3".
That'll be released in a month or two and we'll update the Debian package.
On Wed, May 18, 2016 at 2:33 AM, Ralf Treinen wrote:
> Hi,
>
> libbson-doc also
I've opened a libmongoc bug to fix the man page names in the source repo:
https://jira.mongodb.org/browse/CDRIVER-1077
(I'm using a single issue in MongoDB's bug tracker for both the
libbson and libmongoc work.)
I've opened a libbson bug to fix the man page names in the source repo:
https://jira.mongodb.org/browse/CDRIVER-1077
10 matches
Mail list logo
