[Secure-testing-team] Bug#710597: pymongo: CVE-2013-2132: null pointer when decoding invalid DBRef
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 1 08:54:49 UTC 2013
Package: pymongo
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for pymongo.
CVE-2013-2132[0]:
null pointer when decoding invalid DBRef
See [1] for details and upstream bugreport including reproducer for
the issue. A patch was applied upstream in [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2132
http://security-tracker.debian.org/tracker/CVE-2013-2132
[1] https://jira.mongodb.org/browse/PYTHON-532
[2] https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
I have checked 2.2-4, which seem affected. Please adjust the affected
versions in the BTS as needed.
Thanks for your work and regards,
Salvatore
More information about the Secure-testing-team
mailing list