Bug#848305: marked as done (mongodb: Add missing changelog entry for 1:2.6.12-3)
Your message dated Fri, 11 Aug 2017 21:12:58 + with message-idand subject line Bug#848305: fixed in mongodb 1:3.2.11-3 has caused the Debian Bug report #848305, regarding mongodb: Add missing changelog entry for 1:2.6.12-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 848305: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848305 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: mongodb Version: 1:3.2.11-2 Severity: wishlist Tags: patch Hi Apollon, hi Laszlo Please consider adding back the debian/changelog entry for 1:2.6.12-3 which contained the reference for the CVE fix. Patch attached. Thanks lot for considering. If you disagree, please close and mark as wontfix. Regards, Salvatore p.s.: the kernel team does similar, once a stable update say 4.8.11 is released, and the preparation for 4.9 is done in experimental, the sid branch is merged into the master branch and so keeping debian/changelog consistent back. Example: https://anonscm.debian.org/cgit/kernel/linux.git/commit/?id=878978046681f8bff7396fe459e288b2a3d8e794 -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) >From fba77262b606db2497babaeacd68bf91fa6dd2dc Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 16 Dec 2016 06:37:13 +0100 Subject: [PATCH] Add missing changelog entry for 1:2.6.12-3 --- debian/changelog | 7 +++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index c5d895cf..7de8dd18 100644 --- a/debian/changelog +++ b/debian/changelog @@ -81,6 +81,13 @@ mongodb (1:3.2.8-1) experimental; urgency=medium -- Apollon Oikonomopoulos Thu, 14 Jul 2016 16:42:32 +0300 +mongodb (1:2.6.12-3) unstable; urgency=high + + * Fix CVE-2016-6494 , prevent group and other access to .dbshell +(closes: #832908). + + -- Laszlo Boszormenyi (GCS) Mon, 08 Aug 2016 21:56:32 + + mongodb (1:2.6.12-2) unstable; urgency=medium * Do not use tcmalloc on ppc64el (fixes FTBFS on ppc64el). -- 2.11.0 --- End Message --- --- Begin Message --- Source: mongodb Source-Version: 1:3.2.11-3 We believe that the bug you reported is fixed in the latest version of mongodb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 848...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Apollon Oikonomopoulos (supplier of updated mongodb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 11 Aug 2017 14:37:37 -0400 Source: mongodb Binary: mongodb mongodb-server mongodb-clients Architecture: source Version: 1:3.2.11-3 Distribution: unstable Urgency: medium Maintainer: Debian MongoDB Maintainers Changed-By: Apollon Oikonomopoulos Description: mongodb- object/document-oriented database (metapackage) mongodb-clients - object/document-oriented database (client apps) mongodb-server - object/document-oriented database (server package) Closes: 848305 853556 Changes: mongodb (1:3.2.11-3) unstable; urgency=medium . * d/changelog: restore the 2.6.12-3 entry (Closes: #848305) * Fix FTBFS with GCC 7 (Closes: #853556) * Bump compat to 10 + B-D on debhelper (>= 10) + Remove --with=systemd from dh invocations * Bump Standards to 4.0.1; no changes needed Checksums-Sha1: deaf81c80832b2217aac0419aa3dc13231ef233f 2678 mongodb_3.2.11-3.dsc 92a0f7e2ae5993256dcce32a5ac5782dfe4e0016 41504 mongodb_3.2.11-3.debian.tar.xz 825a0893698e009f79caef8b6012b7341ced7abe 7226 mongodb_3.2.11-3_source.buildinfo Checksums-Sha256: 988e531497ce16b3136f8bdf9d47bc6ad0d9ba6a72938a0100f7f41e900f7cac 2678 mongodb_3.2.11-3.dsc 7c7c453b9500709cc353c888d2ea9a5df3cfc1f9dc91dfa2e85abf2198752f03 41504
Bug#848305: marked as done (mongodb: Add missing changelog entry for 1:2.6.12-3)
Your message dated Fri, 23 Dec 2016 15:51:49 + with message-idand subject line Bug#848305: fixed in mongodb 1:3.4.1-1 has caused the Debian Bug report #848305, regarding mongodb: Add missing changelog entry for 1:2.6.12-3 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 848305: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848305 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: mongodb Version: 1:3.2.11-2 Severity: wishlist Tags: patch Hi Apollon, hi Laszlo Please consider adding back the debian/changelog entry for 1:2.6.12-3 which contained the reference for the CVE fix. Patch attached. Thanks lot for considering. If you disagree, please close and mark as wontfix. Regards, Salvatore p.s.: the kernel team does similar, once a stable update say 4.8.11 is released, and the preparation for 4.9 is done in experimental, the sid branch is merged into the master branch and so keeping debian/changelog consistent back. Example: https://anonscm.debian.org/cgit/kernel/linux.git/commit/?id=878978046681f8bff7396fe459e288b2a3d8e794 -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) >From fba77262b606db2497babaeacd68bf91fa6dd2dc Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 16 Dec 2016 06:37:13 +0100 Subject: [PATCH] Add missing changelog entry for 1:2.6.12-3 --- debian/changelog | 7 +++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index c5d895cf..7de8dd18 100644 --- a/debian/changelog +++ b/debian/changelog @@ -81,6 +81,13 @@ mongodb (1:3.2.8-1) experimental; urgency=medium -- Apollon Oikonomopoulos Thu, 14 Jul 2016 16:42:32 +0300 +mongodb (1:2.6.12-3) unstable; urgency=high + + * Fix CVE-2016-6494 , prevent group and other access to .dbshell +(closes: #832908). + + -- Laszlo Boszormenyi (GCS) Mon, 08 Aug 2016 21:56:32 + + mongodb (1:2.6.12-2) unstable; urgency=medium * Do not use tcmalloc on ppc64el (fixes FTBFS on ppc64el). -- 2.11.0 --- End Message --- --- Begin Message --- Source: mongodb Source-Version: 1:3.4.1-1 We believe that the bug you reported is fixed in the latest version of mongodb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 848...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Apollon Oikonomopoulos (supplier of updated mongodb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 23 Dec 2016 14:57:21 +0200 Source: mongodb Binary: mongodb mongodb-server mongodb-clients Architecture: source Version: 1:3.4.1-1 Distribution: experimental Urgency: medium Maintainer: Debian MongoDB Maintainers Changed-By: Apollon Oikonomopoulos Description: mongodb- object/document-oriented database (metapackage) mongodb-clients - object/document-oriented database (client apps) mongodb-server - object/document-oriented database (server package) Closes: 848298 848305 Changes: mongodb (1:3.4.1-1) experimental; urgency=medium . * New upstream stable series + d/watch: look for 3.4 stable releases + Update upstream's signing key for 3.4 + Drop fix-boost-1.60-build.patch; applied upstream + Refresh remaining patches + B-D on libboost-iostreams-dev * Upload to experimental * New patches: + Use std::regex instead of boost::regex in mongo shell (fixes FTBFS with Debian's boost and C++11) * Also build for s390x (Closes: #848298) * Drop i386 builds; i386 has long been deprecated upstream and support has been essentially removed in 3.4. * Use tcmalloc on ppc64el and arm64 as well * Do not ship mongosniff, as it is no longer built by the mongodb source *