Your message dated Fri, 11 Aug 2017 21:12:58 +0000
with message-id <e1dgheo-0003qn...@fasolo.debian.org>
and subject line Bug#848305: fixed in mongodb 1:3.2.11-3
has caused the Debian Bug report #848305,
regarding mongodb: Add missing changelog entry for 1:2.6.12-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
848305: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848305
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: mongodb
Version: 1:3.2.11-2
Severity: wishlist
Tags: patch

Hi Apollon, hi Laszlo

Please consider adding back the debian/changelog entry for 1:2.6.12-3
which contained the reference for the CVE fix. Patch attached.

Thanks lot for considering. If you disagree, please close and mark as
wontfix.

Regards,
Salvatore

p.s.: the kernel team does similar, once a stable update say 4.8.11 is
      released, and the preparation for 4.9 is done in experimental, the
      sid branch is merged into the master branch and so keeping
      debian/changelog consistent back. Example:
      
https://anonscm.debian.org/cgit/kernel/linux.git/commit/?id=878978046681f8bff7396fe459e288b2a3d8e794

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
>From fba77262b606db2497babaeacd68bf91fa6dd2dc Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <car...@debian.org>
Date: Fri, 16 Dec 2016 06:37:13 +0100
Subject: [PATCH] Add missing changelog entry for 1:2.6.12-3

---
 debian/changelog | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index c5d895cf..7de8dd18 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -81,6 +81,13 @@ mongodb (1:3.2.8-1) experimental; urgency=medium
 
  -- Apollon Oikonomopoulos <apoi...@debian.org>  Thu, 14 Jul 2016 16:42:32 +0300
 
+mongodb (1:2.6.12-3) unstable; urgency=high
+
+  * Fix CVE-2016-6494 , prevent group and other access to .dbshell
+    (closes: #832908).
+
+ -- Laszlo Boszormenyi (GCS) <g...@debian.org>  Mon, 08 Aug 2016 21:56:32 +0000
+
 mongodb (1:2.6.12-2) unstable; urgency=medium
 
   * Do not use tcmalloc on ppc64el (fixes FTBFS on ppc64el).
-- 
2.11.0


--- End Message ---
--- Begin Message ---
Source: mongodb
Source-Version: 1:3.2.11-3

We believe that the bug you reported is fixed in the latest version of
mongodb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 848...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Apollon Oikonomopoulos <apoi...@debian.org> (supplier of updated mongodb 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 11 Aug 2017 14:37:37 -0400
Source: mongodb
Binary: mongodb mongodb-server mongodb-clients
Architecture: source
Version: 1:3.2.11-3
Distribution: unstable
Urgency: medium
Maintainer: Debian MongoDB Maintainers 
<pkg-mongodb-maintain...@lists.alioth.debian.org>
Changed-By: Apollon Oikonomopoulos <apoi...@debian.org>
Description:
 mongodb    - object/document-oriented database (metapackage)
 mongodb-clients - object/document-oriented database (client apps)
 mongodb-server - object/document-oriented database (server package)
Closes: 848305 853556
Changes:
 mongodb (1:3.2.11-3) unstable; urgency=medium
 .
   * d/changelog: restore the 2.6.12-3 entry (Closes: #848305)
   * Fix FTBFS with GCC 7 (Closes: #853556)
   * Bump compat to 10
     + B-D on debhelper (>= 10)
     + Remove --with=systemd from dh invocations
   * Bump Standards to 4.0.1; no changes needed
Checksums-Sha1:
 deaf81c80832b2217aac0419aa3dc13231ef233f 2678 mongodb_3.2.11-3.dsc
 92a0f7e2ae5993256dcce32a5ac5782dfe4e0016 41504 mongodb_3.2.11-3.debian.tar.xz
 825a0893698e009f79caef8b6012b7341ced7abe 7226 mongodb_3.2.11-3_source.buildinfo
Checksums-Sha256:
 988e531497ce16b3136f8bdf9d47bc6ad0d9ba6a72938a0100f7f41e900f7cac 2678 
mongodb_3.2.11-3.dsc
 7c7c453b9500709cc353c888d2ea9a5df3cfc1f9dc91dfa2e85abf2198752f03 41504 
mongodb_3.2.11-3.debian.tar.xz
 fc40dab6daff1a5179a7d7c490672b2801fbddcb1ced7dac45216b3ddfa4529d 7226 
mongodb_3.2.11-3_source.buildinfo
Files:
 415ab0c3a57ef999e9e2ff5419e36c38 2678 database optional mongodb_3.2.11-3.dsc
 5823170ea2d8f39aadb69c88d1feb411 41504 database optional 
mongodb_3.2.11-3.debian.tar.xz
 072cb8b103ac2f32460c392c1d6430d7 7226 database optional 
mongodb_3.2.11-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEEPgL9ZlYpWVIRC6uZ9RsYxyAkgiQFAlmOC7UTHGFwb2lrb3NA
ZGViaWFuLm9yZwAKCRD1GxjHICSCJOg5EACj63JmWIhjeIDoCrHWJXSfKiH11Tzp
cXZGTco3C1i1fHY9J11I8a/pr1d9+iI4eTfVSVCMlzBL/ufPaU8Pz7J2JDR14GUR
22w2xolB20a0Bpkhpd5pxE2SOqYYuYJD6FQLFVNkltvdKqXn5NRvjRFDOgxFK5R7
1QmXJTbXzGAe4Yle7Aky2tKpwdeH+Ds7BClFWAuK4fUSXmDo81ADuV6WdFMHNqPk
gppAARBxVBm3d60x05QxFAMiZZX6l7tGS+vok+Fe7Rx/2cvPMY66gHASQ3vbgdo1
AZt5dL5msOru+gOECd7x5cn1HfZ3rFuXm4a4+ylaF3aT0j6CgFr8KOn7uVg4CAyZ
ltru882HIEa4w7gZIdg7U4uQYNvSGRFPWUFp3nzwdZiuvncL3ntYWcyS0bc77Trg
wHpwRhmoX8XSDgzn6yFEnY2DIJRFvbsKC6tmVCYiXXw20oZLvsHGB56y80Oe7bgD
w3cKWOCperuGpglo/eQg0nLuBNSXDU9Fm+8Hs8P3yv+9oyMlQxTrQwtQyj17ThA/
upoi/wMAqzhHc2HKUEpa3+6N+HC7tspBFERqYRW3OanrbirQ1z0exAoaIFgdNA3b
97GWz/whRx7hnpcJy6cqxZef+1imakRfboQxnuiDWXWPV7KJXpnjRizDYJZ2WgbP
LKGcVrKhxNrg3A==
=YWTF
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to