Bug#848305: marked as done (mongodb: Add missing changelog entry for 1:2.6.12-3)

Fri, 23 Dec 2016 07:54:33 -0800 

Your message dated Fri, 23 Dec 2016 15:51:49 +0000
with message-id <e1cks8l-0005rc...@fasolo.debian.org>
and subject line Bug#848305: fixed in mongodb 1:3.4.1-1
has caused the Debian Bug report #848305,
regarding mongodb: Add missing changelog entry for 1:2.6.12-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
848305: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848305
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: mongodb
Version: 1:3.2.11-2
Severity: wishlist
Tags: patch

Hi Apollon, hi Laszlo

Please consider adding back the debian/changelog entry for 1:2.6.12-3
which contained the reference for the CVE fix. Patch attached.

Thanks lot for considering. If you disagree, please close and mark as
wontfix.

Regards,
Salvatore

p.s.: the kernel team does similar, once a stable update say 4.8.11 is
      released, and the preparation for 4.9 is done in experimental, the
      sid branch is merged into the master branch and so keeping
      debian/changelog consistent back. Example:
      
https://anonscm.debian.org/cgit/kernel/linux.git/commit/?id=878978046681f8bff7396fe459e288b2a3d8e794

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

>From fba77262b606db2497babaeacd68bf91fa6dd2dc Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <car...@debian.org>
Date: Fri, 16 Dec 2016 06:37:13 +0100
Subject: [PATCH] Add missing changelog entry for 1:2.6.12-3

---
 debian/changelog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index c5d895cf..7de8dd18 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -81,6 +81,13 @@ mongodb (1:3.2.8-1) experimental; urgency=medium
 
  -- Apollon Oikonomopoulos <apoi...@debian.org>  Thu, 14 Jul 2016 16:42:32 +0300
 
+mongodb (1:2.6.12-3) unstable; urgency=high
+
+  * Fix CVE-2016-6494 , prevent group and other access to .dbshell
+    (closes: #832908).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Mon, 08 Aug 2016 21:56:32 +0000
+
 mongodb (1:2.6.12-2) unstable; urgency=medium
 
   * Do not use tcmalloc on ppc64el (fixes FTBFS on ppc64el).
-- 
2.11.0

--- End Message ---
--- Begin Message --- 
Source: mongodb
Source-Version: 1:3.4.1-1

We believe that the bug you reported is fixed in the latest version of
mongodb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 848...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoi...@debian.org> (supplier of updated mongodb 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 23 Dec 2016 14:57:21 +0200
Source: mongodb
Binary: mongodb mongodb-server mongodb-clients
Architecture: source
Version: 1:3.4.1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian MongoDB Maintainers 
<pkg-mongodb-maintain...@lists.alioth.debian.org>
Changed-By: Apollon Oikonomopoulos <apoi...@debian.org>
Description:
 mongodb    - object/document-oriented database (metapackage)
 mongodb-clients - object/document-oriented database (client apps)
 mongodb-server - object/document-oriented database (server package)
Closes: 848298 848305
Changes:
 mongodb (1:3.4.1-1) experimental; urgency=medium
 .
   * New upstream stable series
     + d/watch: look for 3.4 stable releases
     + Update upstream's signing key for 3.4
     + Drop fix-boost-1.60-build.patch; applied upstream
     + Refresh remaining patches
     + B-D on libboost-iostreams-dev
   * Upload to experimental
   * New patches:
     + Use std::regex instead of boost::regex in mongo shell (fixes FTBFS with
       Debian's boost and C++11)
   * Also build for s390x (Closes: #848298)
   * Drop i386 builds; i386 has long been deprecated upstream and support has
     been essentially removed in 3.4.
   * Use tcmalloc on ppc64el and arm64 as well
   * Do not ship mongosniff, as it is no longer built by the mongodb source
   * d/changelog: restore the 2.6.12-3 entry (Closes: #848305)
Checksums-Sha1:
 3add009df64c6ef93977c23e273b57151292d23c 2734 mongodb_3.4.1-1.dsc
 4b60c7677df95d0b12cbd299a89c46063b7ff77b 41466329 mongodb_3.4.1.orig.tar.gz
 ffbdf91cd5a19171b2b12f4eab4687456271654c 39352 mongodb_3.4.1-1.debian.tar.xz
Checksums-Sha256:
 cab4d54b055ea4d3d8a2a65f5e20cf722661eaa1d7cd8befb01da36010e6e2b2 2734 
mongodb_3.4.1-1.dsc
 395a6bb03a3075be4902ced3dd8148ec62c89f4c739bd59e9e41a24b56a74d50 41466329 
mongodb_3.4.1.orig.tar.gz
 0fe592cdac6a9c48611f852ce366844ba81a28c5476c7da2505125c9ece06a10 39352 
mongodb_3.4.1-1.debian.tar.xz
Files:
 2f5b7243bde6d689a684e3af6d793f86 2734 database optional mongodb_3.4.1-1.dsc
 17589b986ded67b8c4dacbffd4159258 41466329 database optional 
mongodb_3.4.1.orig.tar.gz
 b4b8a00962b42d6c1dfa4f1f663630a5 39352 database optional 
mongodb_3.4.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlhdRJ0THGFwb2lrb3NA
ZGViaWFuLm9yZwAKCRD1GxjHICSCJCn5D/4908s2+j13AnnVkAdCoZG1usbKstIf
4By1dCa4yiFaCTerML+BX7IYeguV2lfsCDlnih3s9HYyaUHsAZr8J1tMCUMa6erP
uYOUNYF/iVWn5rGiFCgaahzgRM8ouS8bHFX+EGsWW4mtV8ScOkaQaKUhf0tl8dvr
FzCts400WWRBfyGQpMkTuP78ieAyFPVuOelUNL13bymd8zDtEYPqTH7QK5tLYHBx
5y2msWOwhGYJGPTiEICmQtxtvd06ea0woIjB0Sl+GbX1QCf8rjuH2qWEFmS6LTOQ
0G5QBuYrcfeGJbkQ3y70s7KinUerswb23c7hpj3eyOgm8j7e1G62orjmXb1hjxAH
nhn8yjSPs+ZixsE+7tifxJZpkHBlQ+56UFuxBIihdnzWe/vdagujE0i7U9bCtDk1
nI5wwzmcSNCt3hG98I/Kvp33oiDen7LLJnNQvYjEcwevcIlJUZ5ufjjOBKFu6txP
Ejfgq2IPCMFGoeOE46dwBqvvUnm8v5DJSzy8I2KQrLPR3d3OaFUCh3837aU9gvEA
DQEwBpIeJm7W/Mg7erH8OhO9AOR285nBBlJVj86gdd1l/Hq5RK7pHxTb8rK+ersQ
ItT7NzToL+b9TzskkXgcV4HKxi9IiPf2hIrJohB8FKGQHRxWUMcESo0gRiRXXL/f
CTpdIQVQkB61FQ==
=oM54
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to