Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
420483ee by Sylvain Beucler at 2020-12-02T16:46:08+01:00
mongodb: stretch triage
CVE-2018-20803 CVE-2019-2392 CVE-2019-2393 CVE-2020-7926 CVE-2020-7928
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9679,7 +9679,7 @@ CVE-2019-20925 (An unauthenticated client can trigger
denial of service by issui
[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
NOTE: https://jira.mongodb.org/browse/SERVER-43751
NOTE:
https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8
(3.4.24, AGPL)
- NOTE: Introduced by: 91800fc61913358350b658406065c5d893d2ba2c (v3.3.11)
+ NOTE: Introduced by:
https://github.com/mongodb/mongo/commit/91800fc61913358350b658406065c5d893d2ba2c
(v3.3.11)
CVE-2019-20924 (A user authorized to perform database queries may trigger
denial of se ...)
- mongodb <removed>
[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
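Review bot: The commit message lists five CVEs for the stretch triage, but the only change in this hunk is to the "Introduced by" NOTE of CVE-2019-20925, which is not one of them. Replacing the bare hash 91800fc61913358350b658406065c5d893d2ba2c with the full commit URL is a formatting cleanup, not triage. Either mention CVE-2019-20925 in the message or put the cleanup in its own commit, so the history of that entry stays easy to search.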
@@ -54423,12 +54423,17 @@ CVE-2020-7929
RESERVED
CVE-2020-7928 (A user authorized to perform database queries may trigger a
read overr ...)
- mongodb <removed>
+ [stretch] - mongodb <not-affected> (Vulnerable code introduced later)
NOTE: https://jira.mongodb.org/browse/SERVER-49404
+ NOTE:
https://github.com/mongodb/mongo/commit/e10ce2e779cd17c9ba217c49740cffd2bef72694
(v3.6.20, SSPL)
+ NOTE: Introduced by:
https://github.com/mongodb/mongo/commit/5b8b1ca6364342d5a1bf21ec6c707edfae0f3555
(v3.5.5)
CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who
holds ...)
NOT-FOR-US: MongoDB Ops Manager
CVE-2020-7926 (A user authorized to perform database queries may cause denial
of serv ...)
- mongodb <removed>
+ [stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
NOTE: https://jira.mongodb.org/browse/SERVER-50170
+ NOTE:
https://github.com/mongodb/mongo/commit/859ec65c84f201e7aa687865633a2fa34e318174
(v4.4.1, SSPL)
CVE-2020-7925 (Incorrect validation of user input in the role name parser may
lead to ...)
- mongodb <removed>
[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
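Review bot: CVE-2020-7926 is set to <postponed> for stretch with only a fix commit (v4.4.1, SSPL) recorded and no "Introduced by" NOTE, whereas CVE-2020-7928 in the same hunk records the introducing commit (v3.5.5) to back its <not-affected> status. Add the introducing commit for CVE-2020-7926 too, or a NOTE saying it was not identified, so a later reader can see why stretch was judged affected rather than "Vulnerable code introduced later".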
@@ -104536,6 +104541,7 @@ CVE-2018-20804 (A user authorized to perform database
queries may trigger denial
NOTE: Introduced by:
https://github.com/mongodb/mongo/commit/a69ae445303fc4821c6745866b3902623a385c1c
(v3.5.10)
CVE-2018-20803 (A user authorized to perform database queries may trigger
denial of se ...)
- mongodb <removed>
+ [stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
NOTE: https://jira.mongodb.org/browse/SERVER-38070
NOTE:
https://github.com/mongodb/mongo/commit/a2d97db8fe449d15eb8e275bbf318491781472bf
(v3.4.19, AGPL)
NOTE: Introduced by:
https://github.com/mongodb/mongo/commit/a8176cf1da9fdbcc48334bfb3c71fedf37e77879
(v3.1.7)
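Review bot: The new <postponed> line for CVE-2018-20803 gives only "Minor issue, authenticated DoS", although the entry already records both the fix (v3.4.19, AGPL) and the introducing commit (v3.1.7). Since postponed entries are meant to be revisited, a short NOTE on whether commit a2d97db8fe449d15eb8e275bbf318491781472bf applies to the stretch source would save the next person from repeating the analysis.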
@@ -125311,10 +125317,14 @@ CVE-2019-2394
RESERVED
CVE-2019-2393 (A user authorized to perform database queries may trigger
denial of se ...)
- mongodb <removed>
+ [stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
NOTE: https://jira.mongodb.org/browse/SERVER-43350
+ NOTE:
https://github.com/mongodb/mongo/commit/785b41740a216429573a89a5df82f96064965559
(v3.6.15, SSPL)
CVE-2019-2392 (A user authorized to perform database queries may trigger
denial of se ...)
- mongodb <removed>
+ [stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
NOTE: https://jira.mongodb.org/browse/SERVER-43699
+ NOTE:
https://github.com/mongodb/mongo/commit/b5ff43f92c0e562121477e8253a56b2d83825571
(v3.4.24, AGPL)
CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson
not corr ...)
[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
- node-mongodb 3.5.6+~cs11.12.19-1
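Review bot: CVE-2019-2393 and CVE-2019-2392 get the identical reason "Minor issue, authenticated DoS", but their fix commits are tagged differently: (v3.6.15, SSPL) for CVE-2019-2393 and (v3.4.24, AGPL) for CVE-2019-2392. If that license tag is recorded because it affects whether the fix can be picked up for stretch, state the difference in the postponed reason or a NOTE. Neither entry has an "Introduced by" NOTE, so the basis for treating stretch as affected is not visible here either.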
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/420483eef4cbaeaf6fad6a9a92960c93b4aeb383
debian-security-tracker-commits mailing list