oss-sec mailing list archives

Re: CVE Request - MongoDB <=2.4.4 uninitialized object


From: Moritz Muehlenhoff <jmm () debian org>
Date: Fri, 19 Jul 2013 07:00:56 +0200

On Thu, Jul 18, 2013 at 08:14:39AM -0400, Dan Pasette wrote:
> We already requested CVE-2013-2132 for this and it was fixed in version
> 2.4.5.
>
> We announced it on mongodb-announce and have it listed in our alerts page
> here: http://www.mongodb.org/about/alerts/

CVE-2013-2132 was already assigned to this issue in the Python driver:
http://www.openwall.com/lists/oss-security/2013/05/31/6
https://jira.mongodb.org/browse/PYTHON-532
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2132

While "your" CVE-2013-2132 refers to
https://jira.mongodb.org/browse/SERVER-9878, which AFAICS is a different
issue.

Cheers,
        Moritz

