[Secure-testing-commits] r35085 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2015-06-21 07:53:50 +0000 (Sun, 21 Jun 2015)
New Revision: 35085

Modified:
   data/CVE/list
Log:
Update CVE-2015-1609/mongodb

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-21 07:23:33 UTC (rev 35084)
+++ data/CVE/list	2015-06-21 07:53:50 UTC (rev 35085)
@@ -8310,8 +8310,10 @@
 	RESERVED
 CVE-2015-1609 (MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers ...)
 	- mongodb 1:2.4.10-5 (bug #780129)
+	[wheezy] - mongodb <not-affected> (BSONElement::validate() checks length, problematic code introduced later)
 	[squeeze] - mongodb <not-affected> (BSONElement::validate() checks length (db/jsobj.cpp +589))
 	NOTE: https://jira.mongodb.org/browse/SERVER-17264
+	NOTE: Fast bson validate introduced with https://github.com/mongodb/mongo/commit/6889d1658136c753998b4a408dc8d1a3ec28e3b9 (r2.3.2)
 CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...)
 	NOT-FOR-US: Topline Opportunity Form
 CVE-2015-1605 (Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset ...)