Source: mongodb
Version: 1:3.2.11-2
Severity: wishlist
Tags: patch
Hi Apollon, hi Laszlo
Please consider adding back the debian/changelog entry for 1:2.6.12-3
which contained the reference for the CVE fix. Patch attached.
Thanks a lot for considering. If you disagree, please close and mark as
wontfix.
Regards,
Salvatore
p.s.: the kernel team does something similar: once a stable update, say
4.8.11, is released, and the preparation for 4.9 is done in experimental,
the sid branch is merged into the master branch, so keeping
debian/changelog consistent going back. Example:
https://anonscm.debian.org/cgit/kernel/linux.git/commit/?id=878978046681f8bff7396fe459e288b2a3d8e794
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
From fba77262b606db2497babaeacd68bf91fa6dd2dc Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <[email protected]>
Date: Fri, 16 Dec 2016 06:37:13 +0100
Subject: [PATCH] Add missing changelog entry for 1:2.6.12-3
---
debian/changelog | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index c5d895cf..7de8dd18 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -81,6 +81,13 @@ mongodb (1:3.2.8-1) experimental; urgency=medium
-- Apollon Oikonomopoulos <[email protected]> Thu, 14 Jul 2016 16:42:32 +0300
+mongodb (1:2.6.12-3) unstable; urgency=high
+
+ * Fix CVE-2016-6494 , prevent group and other access to .dbshell
+ (closes: #832908).
+
+ -- Laszlo Boszormenyi (GCS) <[email protected]> Mon, 08 Aug 2016 21:56:32 +0000
+
mongodb (1:2.6.12-2) unstable; urgency=medium
* Do not use tcmalloc on ppc64el (fixes FTBFS on ppc64el).
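Review bot: The added bullet "* Fix CVE-2016-6494 , prevent group and other access to .dbshell" has a stray space before the comma. Since the point of the patch is to restore the CVE reference from the 1:2.6.12-3 upload, please compare the entry (bullet text, "closes: #832908", and the trailer date "Mon, 08 Aug 2016 21:56:32 +0000") against the changelog that was actually uploaded: if the space is in the original, keep it so the restored entry matches verbatim, otherwise drop it. The placement between 1:3.2.8-1 and 1:2.6.12-2 follows version order rather than date order (the new entry is dated after the 14 Jul 2016 entry above it), which looks intended for a merged-back changelog but is worth a short mention in the commit message.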
--
2.11.0