[Pkg-mongodb-maintainers] Bug#850931: jessie-pu: package mongodb/1:2.4.10-5
Apollon Oikonomopoulos
apoikos at debian.org
Wed Jan 11 10:46:11 UTC 2017
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu

Dear SRMs,

I would like to update MongoDB in stable to fix two low-impact security
issues:

 - CVE-2016-6494[1] is fixed by backporting the patch already applied to
   2.6 (once in sid).

 - TEMP-0833087-C5410D[2] is fixed by reimplementing upstream's fix for
   2.6[3] using the infrastructure available in MongoDB 2.4.
   Unfortunately the mutable BSON infrastructure used in 2.6 is
   incomplete and unusable in 2.4. I benchmarked my own version and
   found no measurable performance impact.

Full source debdiff attached.

Regards,
Apollon

[1] https://security-tracker.debian.org/tracker/CVE-2016-6494
[2] https://security-tracker.debian.org/tracker/TEMP-0833087-C5410D
[3] https://github.com/mongodb/mongo/commit/f85ceb17b37210eef71e8113162c41368bfd5c12
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mongodb_2.4.10-5+deb8u1.diff
Type: text/x-diff
Size: 4727 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mongodb-maintainers/attachments/20170111/6a9895f8/attachment.diff>