oss-sec mailing list archives

Re: CVE Request - MongoDB <=2.4.4 uninitialized object

From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 19 Jul 2013 00:01:35 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/18/2013 11:00 PM, Moritz Muehlenhoff wrote:

On Thu, Jul 18, 2013 at 08:14:39AM -0400, Dan Pasette wrote:

We already requested CVE-2013-2132 for this and it was fixed in
version 2.4.5.

We announced it on mongodb-announce and have it listed in our
alerts page here: http://www.mongodb.org/about/alerts/


CVE-2013-2132 was already assigned to this issue in the Python
driver: http://www.openwall.com/lists/oss-security/2013/05/31/6 
https://jira.mongodb.org/browse/PYTHON-532 
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2132

While "your" CVE-2013-2132 refers to 
https://jira.mongodb.org/browse/SERVER-9878, which AFAICS is a
different issue.

Cheers, Moritz


yup. different code bases, different CVE's even if the "same" problem.
should have gotten separate cves, sigh. We need better coordination.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJR6NY/AAoJEBYNRVNeJnmTa1oP/irxQJKdWeiHYm+hK3vDZ+k6
EihMvMSPfcpK3zWyVW1IZNTJhdhD8HBxYc8LnCysG2SiksuzPMv141QKGftFwHjO
f8PeGgbWmRRyfar5aRMQsjJQKVBeRrgF8b0mKugYeDdKmEeuE2D2pO+xgGk59gfK
oX2to6pU3kiF0uNVvOAYjVbn3tdd2zXnt0zUh1cFELxSWyNSsWSZbq5lbIg2c2Fv
ErKrZMhWgzK+ws5rhfZHzBN2qMYy2swLzx2MRaVxX2uL9FZJ5DNQ03Eo0AX3vuoU
mPQD6fI+1xdjxhjQGBs+qfR9G+XZY21MwQLR4sRxIkIAyFNBRZz6H1V3Z8JET3Qh
snR6hZCbtN5AQ9cwXL9rWb0NL5Ypt7FpkzqwNvZCb+tf0ORyTRGUy0hVXr54tX0/
VcgKeiyzSLWOOTZUZ3oPt/bvYIeQ9E5S+uvGgUC3wZy191mlBN8G73MTXOCGlXGy
IBYFioIVnrV+059C2kBOPV5k5it90ecZBoymVK+bskUUDhxCyWpuYaVfqWGTS7ec
X+HqkoC+zWsW5yuYLS9vyXRaB0KjV3GswFDkBi/m0YMfo69Nk8wDu2K3dKZEJMB3
rD6ZNVcDreJBhpfI/hK7hQr2abO24Pxw3uXSkxJGo/1x98Yn2KscRGcLL76FaxON
fsqXT2cdYbon3u0mZwcz
=mam6
-----END PGP SIGNATURE-----

Current thread:

CVE Request - MongoDB <=2.4.4 uninitialized object Florian (Jul 17)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 17)
  - Re: CVE Request - MongoDB <=2.4.4 uninitialized object Dan Pasette (Jul 18)
    - Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff (Jul 18)
    - Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 18)
    - Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 26)
    - Re: CVE Request - MongoDB <=2.4.4 uninitialized object Andreas Nilsson (Jul 30)
    - Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff (Jul 22)
- CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian (Aug 07)
  - Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 07)
    - Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian (Aug 07)
    - Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 09)
    - Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Raphael Geissert (Aug 12)