[Git][security-tracker-team/security-tracker][master] mongodb: stretch triage

Sylvain Beucler beuc at debian.org
Wed Dec 2 15:48:26 GMT 2020



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
420483ee by Sylvain Beucler at 2020-12-02T16:46:08+01:00
mongodb: stretch triage
CVE-2018-20803 CVE-2019-2392 CVE-2019-2393 CVE-2020-7926 CVE-2020-7928

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9679,7 +9679,7 @@ CVE-2019-20925 (An unauthenticated client can trigger denial of service by issui
 	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.mongodb.org/browse/SERVER-43751
 	NOTE: https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8 (3.4.24, AGPL)
-	NOTE: Introduced by: 91800fc61913358350b658406065c5d893d2ba2c (v3.3.11)
+	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/91800fc61913358350b658406065c5d893d2ba2c (v3.3.11)
 CVE-2019-20924 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
 	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
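Review bot: The "Introduced by" line changed here belongs to CVE-2019-20925, which is not among the five CVEs named in the commit message (CVE-2018-20803, CVE-2019-2392, CVE-2019-2393, CVE-2020-7926, CVE-2020-7928). Replacing the bare hash with the full github.com commit URL is consistent with the form used for CVE-2018-20804 and CVE-2018-20803 elsewhere in this diff; mention the CVE-2019-20925 cleanup in the message, or split it into its own commit, so the log matches what was touched.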
@@ -54423,12 +54423,17 @@ CVE-2020-7929
 	RESERVED
 CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...)
 	- mongodb <removed>
+	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.mongodb.org/browse/SERVER-49404
+	NOTE: https://github.com/mongodb/mongo/commit/e10ce2e779cd17c9ba217c49740cffd2bef72694 (v3.6.20, SSPL)
+	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/5b8b1ca6364342d5a1bf21ec6c707edfae0f3555 (v3.5.5)
 CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who holds  ...)
 	NOT-FOR-US: MongoDB Ops Manager
 CVE-2020-7926 (A user authorized to perform database queries may cause denial of serv ...)
 	- mongodb <removed>
+	[stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
 	NOTE: https://jira.mongodb.org/browse/SERVER-50170
+	NOTE: https://github.com/mongodb/mongo/commit/859ec65c84f201e7aa687865633a2fa34e318174 (v4.4.1, SSPL)
 CVE-2020-7925 (Incorrect validation of user input in the role name parser may lead to ...)
 	- mongodb <removed>
 	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
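Review bot: The CVE-2020-7926 entry is marked <postponed> for stretch but gains only a fix reference (v4.4.1, SSPL) and no "Introduced by" note, so the record does not show from which release the affected code exists or how stretch was determined to be affected. CVE-2020-7928, earlier in the same hunk, documents both the fix commit and the introducing commit (v3.5.5) to justify <not-affected>; add the equivalent NOTE for CVE-2020-7926 if the introducing commit is known, or a short NOTE stating how the stretch version was checked.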
@@ -104536,6 +104541,7 @@ CVE-2018-20804 (A user authorized to perform database queries may trigger denial
 	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a69ae445303fc4821c6745866b3902623a385c1c (v3.5.10)
 CVE-2018-20803 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
+	[stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
 	NOTE: https://jira.mongodb.org/browse/SERVER-38070
 	NOTE: https://github.com/mongodb/mongo/commit/a2d97db8fe449d15eb8e275bbf318491781472bf (v3.4.19, AGPL)
 	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a8176cf1da9fdbcc48334bfb3c71fedf37e77879 (v3.1.7)
@@ -125311,10 +125317,14 @@ CVE-2019-2394
 	RESERVED
 CVE-2019-2393 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
+	[stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
 	NOTE: https://jira.mongodb.org/browse/SERVER-43350
+	NOTE: https://github.com/mongodb/mongo/commit/785b41740a216429573a89a5df82f96064965559 (v3.6.15, SSPL)
 CVE-2019-2392 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
+	[stretch] - mongodb <postponed> (Minor issue, authenticated DoS)
 	NOTE: https://jira.mongodb.org/browse/SERVER-43699
+	NOTE: https://github.com/mongodb/mongo/commit/b5ff43f92c0e562121477e8253a56b2d83825571 (v3.4.24, AGPL)
 CVE-2019-2391 (Incorrect parsing of certain JSON input may result in js-bson not corr ...)
 	[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
 	- node-mongodb 3.5.6+~cs11.12.19-1
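Review bot: The CVE-2019-2393 entry is postponed for stretch with only a v3.6.15, SSPL fix commit referenced, whereas CVE-2019-2392 directly below cites a v3.4.24, AGPL commit. If the CVE-2019-2393 fix also landed on an AGPL-licensed branch, reference that commit too, so whoever picks up the postponed issue has a starting point under the same license as the other fixes noted for stretch. Neither entry has an "Introduced by" note, unlike CVE-2018-20803 in the previous hunk; add one to each if the introducing commits are known.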



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/420483eef4cbaeaf6fad6a9a92960c93b4aeb383
