[Git][security-tracker-team/security-tracker][master] mongodb: stretch triage

Sylvain Beucler Tue, 24 Nov 2020 15:05:40 -0800


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f22b09e5 by Sylvain Beucler at 2020-11-25T00:04:39+01:00
mongodb: stretch triage
CVE-2018-20802 CVE-2018-20803 CVE-2018-20804 CVE-2018-20805 CVE-2019-20923 
CVE-2019-20924 CVE-2019-20925

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8635,13 +8635,22 @@ CVE-2019-20926
        RESERVED
 CVE-2019-20925 (An unauthenticated client can trigger denial of service by 
issuing spe ...)
        - mongodb <removed>
+       [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
        NOTE: https://jira.mongodb.org/browse/SERVER-43751
+       NOTE: 
https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8
 (3.4.24, AGPL)
+       NOTE: Introduced by: 91800fc61913358350b658406065c5d893d2ba2c (v3.3.11)
 CVE-2019-20924 (A user authorized to perform database queries may trigger 
denial of se ...)
        - mongodb <removed>
+       [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
        NOTE: https://jira.mongodb.org/browse/SERVER-44377
+       NOTE: 
https://github.com/mongodb/mongo/commit/e4338fa6e876e61e47f68e7f573ead7bcfbd06fc
 (v4.2.2, SSPL)
+       NOTE: Introduced by: 
https://github.com/mongodb/mongo/commit/34a1ce6a681e2637d3c29a49a9412efe63821178
 (v4.1.9)
 CVE-2019-20923 (A user authorized to perform database queries may trigger 
denial of se ...)
        - mongodb <removed>
+       [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
        NOTE: https://jira.mongodb.org/browse/SERVER-39481
+       NOTE: 
https://github.com/mongodb/mongo/commit/c9dd94ca1a571f9d145eaa9029d8ce905a86f933
 (v4.0.7, SSPL)
+       NOTE: Introduced by: 
https://github.com/mongodb/mongo/commit/1c629fb3e0cfdf218a6cdb20882806e3b7dd9e9c
 (v3.7.1)
 CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 
lacks a ...)
        - glibc 2.2-1
 CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 
0.21.0-rc1 has a  ...)
@@ -103397,16 +103406,27 @@ CVE-2019-9831 (The AirMore application through 
1.6.1 for Android allows remote a
        NOT-FOR-US: AirMore application for Android
 CVE-2018-20805 (A user authorized to perform database queries may trigger 
denial of se ...)
        - mongodb <removed>
+       [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
        NOTE: https://jira.mongodb.org/browse/SERVER-38164
+       NOTE: 
https://github.com/mongodb/mongo/commit/66316884a4b1180a8cceb6381e3c51e56586fc3e
 (v3.6.10, SSPL)
+       NOTE: Introduced by: 
https://github.com/mongodb/mongo/commit/f77527a942347313e2848e050e89480bc3cadb95
 (v3.5.4)
 CVE-2018-20804 (A user authorized to perform database queries may trigger 
denial of se ...)
        - mongodb <removed>
+       [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
        NOTE: https://jira.mongodb.org/browse/SERVER-35636
+       NOTE: 
https://github.com/mongodb/mongo/commit/736d214fe2b1ad7cd9b57c05571b53628124668e
 (v3.6.13, SSPL)
+       NOTE: Introduced by: 
https://github.com/mongodb/mongo/commit/a69ae445303fc4821c6745866b3902623a385c1c
 (v3.5.10)
 CVE-2018-20803 (A user authorized to perform database queries may trigger 
denial of se ...)
        - mongodb <removed>
        NOTE: https://jira.mongodb.org/browse/SERVER-38070
+       NOTE: 
https://github.com/mongodb/mongo/commit/a2d97db8fe449d15eb8e275bbf318491781472bf
 (v3.4.19, AGPL)
+       NOTE: Introduced by: 
https://github.com/mongodb/mongo/commit/a8176cf1da9fdbcc48334bfb3c71fedf37e77879
 (v3.1.7)
 CVE-2018-20802 (A user authorized to perform database queries may trigger 
denial of se ...)
        - mongodb <removed>
+       [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
        NOTE: https://jira.mongodb.org/browse/SERVER-36993
+       NOTE: 
https://github.com/mongodb/mongo/commit/2b4634bb6512c5345de2ab8f698a687c6cec9973
 (v3.6.9, AGPL)
+       NOTE: Introduced by: 
https://github.com/mongodb/mongo/commit/2f3b96e636329b68809bc63b681a862e3d3bccd5
 (v3.6)
 CVE-2017-18363
        RESERVED
 CVE-2015-9283



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f22b09e50576ef5cfeb21ee72c43dd755df2e7d0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f22b09e50576ef5cfeb21ee72c43dd755df2e7d0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] mongodb: stretch triage

Reply via email to