oss-sec mailing list archives
Re: CVE Request - MongoDB <=2.4.4 uninitialized object
From: Dan Pasette <dan () 10gen com>
Date: Thu, 18 Jul 2013 08:14:39 -0400
We already requested CVE-2013-2132 for this and it was fixed in version 2.4.5. We announced it on mongodb-announce and have it listed in our alerts page here: http://www.mongodb.org/about/alerts/ On Thu, Jul 18, 2013 at 12:39 AM, Kurt Seifried <kseifried () redhat com>wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/17/2013 04:23 AM, Florian wrote:Hi, Just a CVE request for this http://blog.scrt.ch/2013/06/04/mongodb-rce-by-databasespraying/ ThxPlease use CVE-2013-4142 for this issue. Also adding Mongo people to this, are you guys aware of this? Also is there a security alias I should be using (in case people are on vacation/etc? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJR53F5AAoJEBYNRVNeJnmTYKUP+QGz72ykBk4A2gcmApgofq9s qmWGklP/nuWfR0LNbior4YIGQSXqW9m0LnUeCxHz5FAHhVRtBwV20/AYHH8tXFPZ n3WzJWkMM8DT9uXZcDqXV694Wo/b0FP6PXXq31OmXyJGgDu935RTFmDZdlwWCr60 Scb4KFatP1M4Wajf1i6l8fw25CsCCLB3pc9J5G626LkVlTqZ2gH3JUkVPKquqAFs 1EfTAx8gY/mjH036XPHp5mcgKmalsCHWDIb/xBlwS8xSdjgtPqjerA2WtfUerlrI fIN4sTklhNFwllrD4YSlLBEqyq1SWJlSZl1dJIuOJGrYocTU0DEiR37x2CDEUyIM 0rfGUbxgDJkpiRXVc1urdikN/uGpcC5KJmaUuF696aEfF9wlWEpNP/Ik/LtwS/9w 5m9bZx4zS1uilx5VFeUI98XSVVOcRbfjR2koYg1NwefcZXlfWVx7nAKShPVAll5Z BWtWPhg1mDnO2GN0Z/qcw5M2q9AdhiRJpnK0Z8QCmQrm4uDgErh+iVMUfiPXakNO rk0AU3UOORrsLb1VfxUzN+SC6C5OTEEyDU0x/9MG4xGyb8J0QTiF9ZZr4p8MFw+W xTeWFygbD/YHYsYAl0CO5WBPZMb6fux0OuMTkXtTcY2OedyP75jPdpXjWm/+Yxf7 MM/JV/ZUNQmgMheI+c8q =uB1p -----END PGP SIGNATURE-----
Current thread:
- CVE Request - MongoDB <=2.4.4 uninitialized object Florian (Jul 17)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 17)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Dan Pasette (Jul 18)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff (Jul 18)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 18)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 26)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Andreas Nilsson (Jul 30)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Dan Pasette (Jul 18)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff (Jul 22)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 17)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 07)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian (Aug 07)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 09)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Raphael Geissert (Aug 12)