oss-sec mailing list archives

Re: CVE Request - MongoDB <=2.4.4 uninitialized object


From: Dan Pasette <dan () 10gen com>
Date: Thu, 18 Jul 2013 08:14:39 -0400

We already requested CVE-2013-2132 for this and it was fixed in version
2.4.5.

We announced it on mongodb-announce and have it listed in our alerts page
here: http://www.mongodb.org/about/alerts/


On Thu, Jul 18, 2013 at 12:39 AM, Kurt Seifried <kseifried () redhat com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/17/2013 04:23 AM, Florian wrote:
Hi,

Just a CVE request for this
http://blog.scrt.ch/2013/06/04/mongodb-rce-by-databasespraying/

Thx


Please use CVE-2013-4142 for this issue.

Also adding Mongo people to this, are you guys aware of this? Also is
there a security alias I should be using (in case people are on
vacation/etc)?

- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
-----END PGP SIGNATURE-----

