[Pkg-mongodb-maintainers] [pkg-mongodb] 02/03: Fix CVE-2016-6494

Apollon Oikonomopoulos apoikos at moszumanska.debian.org
Mon Jan 30 09:26:14 UTC 2017 

This is an automated email from the git hooks/post-receive script.

apoikos pushed a commit to branch stable/jessie
in repository pkg-mongodb.

commit c03cd617559d98a9b70a503bc579942743b3e889
Author: Apollon Oikonomopoulos <apoikos at debian.org>
Date:   Wed Jan 11 11:16:10 2017 +0200

    Fix CVE-2016-6494
    
    Closes: #832908
---
 debian/patches/CVE-2016-6494.patch | 39 ++++++++++++++++++++++++++++++++++++++
 debian/patches/series              |  1 +
 2 files changed, 40 insertions(+)

diff --git a/debian/patches/CVE-2016-6494.patch b/debian/patches/CVE-2016-6494.patch
new file mode 100644
index 0000000..b04e7ff
--- /dev/null
+++ b/debian/patches/CVE-2016-6494.patch
@@ -0,0 +1,39 @@
+Description: prevent group and other access on .dbshell
+ Use umask on file creation and chmod on existing file load.
+Forwarded: no
+Bug-Debian: https://bugs.debian.org/832908
+Author: Laszlo Boszormenyi (GCS) <gcs at debian.org>
+Last-Update: 2016-08-04
+
+---
+
+--- mongodb-2.4.10.orig/src/mongo/shell/linenoise.cpp
++++ mongodb-2.4.10/src/mongo/shell/linenoise.cpp
+@@ -103,6 +103,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <sys/types.h>
++#include <sys/stat.h>
+ #include <sys/ioctl.h>
+ #include <cctype>
+ #include <wctype.h>
+@@ -2626,7 +2627,10 @@ int linenoiseHistorySetMaxLen( int len )
+ /* Save the history in the specified file. On success 0 is returned
+  * otherwise -1 is returned. */
+ int linenoiseHistorySave( const char* filename ) {
++    mode_t old_umask;
++    old_umask = umask(S_IRWXG | S_IRWXO);
+     FILE* fp = fopen( filename, "wt" );
++    umask(old_umask);
+     if ( fp == NULL ) {
+         return -1;
+     }
+@@ -2651,6 +2655,8 @@ int linenoiseHistoryLoad( const char* fi
+         return -1;
+     }
+ 
++    chmod(filename, 00600);
++
+     char buf[LINENOISE_MAX_LINE];
+     while ( fgets( buf, LINENOISE_MAX_LINE, fp ) != NULL ) {
+         char* p = strchr( buf, '\r' );
diff --git a/debian/patches/series b/debian/patches/series
index 2affbd5..5153a36 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ cefb0ef38f050b73b2bf8211add55f3749753e0a.patch
 656f78711632a5dc37221422c99e3c4619bcc58f.patch
 3a7e85ea1f672f702660e5472566234b1d19038e.patch
 Redact-key-and-nonce-from-auth-attempt-logs.patch
+CVE-2016-6494.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mongodb/pkg-mongodb.git

More information about the Pkg-mongodb-maintainers mailing list