** Changed in: mongodb (Ubuntu)
Status: Confirmed = Won't Fix
** Changed in: snowball (Ubuntu)
Status: Confirmed = Won't Fix
** Changed in: gyp (Ubuntu)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team,
** Changed in: mongodb (Ubuntu)
Milestone: ubuntu-13.10 = saucy-updates
** Changed in: snowball (Ubuntu)
Milestone: ubuntu-13.10 = saucy-updates
** Changed in: gyp (Ubuntu)
Milestone: ubuntu-13.10 = saucy-updates
--
You received this bug notification because you are a member of
** Changed in: mongodb (Ubuntu)
Milestone: ubuntu-13.09 = ubuntu-13.10
** Changed in: snowball (Ubuntu)
Milestone: ubuntu-13.09 = ubuntu-13.10
** Changed in: gyp (Ubuntu)
Milestone: ubuntu-13.09 = ubuntu-13.10
--
You received this bug notification because you are a member of Ubuntu
** Changed in: mongodb (Ubuntu)
Milestone: ubuntu-13.08 = ubuntu-13.09
** Changed in: snowball (Ubuntu)
Milestone: ubuntu-13.08 = ubuntu-13.09
** Changed in: gyp (Ubuntu)
Milestone: ubuntu-13.08 = ubuntu-13.09
--
You received this bug notification because you are a member of Ubuntu
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: mongodb (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: snowball (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gyp (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1187262
Upstream mongodb have definitely backported some fixes to their embedded
10gen version; however I will need to get a more definitive response on
how 10gen manage security issues in dependencies such as this.
FWIW I was intending on applying for a MRE for MongoDB assuming
successful MIR.
--
You
I accidentally clicked 'Post comment' before I was ready
I think this provides an attack surface such that we would have to
support V8 with security updates. This very likely means full version
upgrades for mongodb to support new versions of V8 because V8 may change
so much (assuming that
Re: it must be demonstrated that libv8 does not process untrusted
javascript
libv8 is used to provide the scriptable shell in mongodb; access to the
shell is via the mongo client application.
We allowed V8 to be embedded in the Ubuntu SDK because the attack
surface was greatly reduced-- it won't
Hi Jamie
On 28/06/13 12:32, Jamie Strandboge wrote:
libv8 is something we've considered in the past as part of our webkit
work and Ubuntu SDK audits. We can't effectively support libv8 because
it is constantly changing. Therefore, backporting patches becomes
infeasible very quickly and we are
11 matches
Mail list logo