[Secure-testing-commits] r34595 - data/CVE
Guido Guenther
agx at moszumanska.debian.org
Sat May 30 13:49:00 UTC 2015
Author: agx
Date: 2015-05-30 13:49:00 +0000 (Sat, 30 May 2015)
New Revision: 34595
Modified:
data/CVE/list
Log:
Mark CVE-2015-1609/mongodb as not affected in squeeze
BSONElement::validate() in this version properly checks if the
string length is > 0 in:
...
case String: {
int x = valuestrsize();
if ( x > 0 && valuestr()[x-1] == 0 )
return;
...
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-30 13:44:10 UTC (rev 34594)
+++ data/CVE/list 2015-05-30 13:49:00 UTC (rev 34595)
@@ -6741,6 +6741,7 @@
RESERVED
CVE-2015-1609 (MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers ...)
- mongodb 1:2.4.10-5 (bug #780129)
+ [squeeze] - mongodb <not-affected> (BSONElement::validate() checks length (db/jsobj.cpp +589))
NOTE: https://jira.mongodb.org/browse/SERVER-17264
CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...)
NOT-FOR-US: Topline Opportunity Form
More information about the Secure-testing-commits
mailing list