** Changed in: mongodb (Ubuntu)
Status: Confirmed => Won't Fix
** Changed in: snowball (Ubuntu)
Status: Confirmed => Won't Fix
** Changed in: gyp (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, wh
** Changed in: mongodb (Ubuntu)
Milestone: ubuntu-13.10 => saucy-updates
** Changed in: snowball (Ubuntu)
Milestone: ubuntu-13.10 => saucy-updates
** Changed in: gyp (Ubuntu)
Milestone: ubuntu-13.10 => saucy-updates
--
You received this bug notification because you are a member of U
** Changed in: mongodb (Ubuntu)
Milestone: ubuntu-13.09 => ubuntu-13.10
** Changed in: snowball (Ubuntu)
Milestone: ubuntu-13.09 => ubuntu-13.10
** Changed in: gyp (Ubuntu)
Milestone: ubuntu-13.09 => ubuntu-13.10
--
You received this bug notification because you are a member of Ubun
** Changed in: mongodb (Ubuntu)
Milestone: ubuntu-13.08 => ubuntu-13.09
** Changed in: snowball (Ubuntu)
Milestone: ubuntu-13.08 => ubuntu-13.09
** Changed in: gyp (Ubuntu)
Milestone: ubuntu-13.08 => ubuntu-13.09
--
You received this bug notification because you are a member of Ubun
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gyp (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1187262
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: snowball (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1187
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: mongodb (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/11872
Upstream mongodb have definitely backported some fixes to their embedded
10gen version; however I will need to get a more definitive response on
how 10gen manage security issues in dependencies such as this.
FWIW I was intending on applying for a MRE for MongoDB assuming
successful MIR.
--
You r
"Re: it must be demonstrated that libv8 does not process untrusted
javascript
libv8 is used to provide the scriptable shell in mongodb; access to the
shell is via the mongo client application."
We allowed V8 to be embedded in the Ubuntu SDK because the attack
surface was greatly reduced-- it won'
I accidentally clicked 'Post comment' before I was ready
I think this provides an attack surface such that we would have to
support V8 with security updates. This very likely means full version
upgrades for mongodb to support new versions of V8 because V8 may change
so much (assuming that upst
Hi Jamie
On 28/06/13 12:32, Jamie Strandboge wrote:
> libv8 is something we've considered in the past as part of our webkit
> work and Ubuntu SDK audits. We can't effectively support libv8 because
> it is constantly changing. Therefore, backporting patches becomes
> infeasible very quickly and we
11 matches
Mail list logo
