[Git][security-tracker-team/security-tracker][master] mongodb: stretch triage

Sylvain Beucler beuc at debian.org
Tue Nov 24 23:05:28 GMT 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f22b09e5 by Sylvain Beucler at 2020-11-25T00:04:39+01:00
mongodb: stretch triage
CVE-2018-20802 CVE-2018-20803 CVE-2018-20804 CVE-2018-20805 CVE-2019-20923 CVE-2019-20924 CVE-2019-20925

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8635,13 +8635,22 @@ CVE-2019-20926
 	RESERVED
 CVE-2019-20925 (An unauthenticated client can trigger denial of service by issuing spe ...)
 	- mongodb <removed>
+	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.mongodb.org/browse/SERVER-43751
+	NOTE: https://github.com/mongodb/mongo/commit/c1a956e084d39e6da75cd347e63d0064ed9151a8 (3.4.24, AGPL)
+	NOTE: Introduced by: 91800fc61913358350b658406065c5d893d2ba2c (v3.3.11)
 CVE-2019-20924 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
+	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.mongodb.org/browse/SERVER-44377
+	NOTE: https://github.com/mongodb/mongo/commit/e4338fa6e876e61e47f68e7f573ead7bcfbd06fc (v4.2.2, SSPL)
+	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/34a1ce6a681e2637d3c29a49a9412efe63821178 (v4.1.9)
 CVE-2019-20923 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
+	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.mongodb.org/browse/SERVER-39481
+	NOTE: https://github.com/mongodb/mongo/commit/c9dd94ca1a571f9d145eaa9029d8ce905a86f933 (v4.0.7, SSPL)
+	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/1c629fb3e0cfdf218a6cdb20882806e3b7dd9e9c (v3.7.1)
 CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a ...)
 	- glibc 2.2-1
 CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a  ...)
@@ -103397,16 +103406,27 @@ CVE-2019-9831 (The AirMore application through 1.6.1 for Android allows remote a
 	NOT-FOR-US: AirMore application for Android
 CVE-2018-20805 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
+	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.mongodb.org/browse/SERVER-38164
+	NOTE: https://github.com/mongodb/mongo/commit/66316884a4b1180a8cceb6381e3c51e56586fc3e (v3.6.10, SSPL)
+	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/f77527a942347313e2848e050e89480bc3cadb95 (v3.5.4)
 CVE-2018-20804 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
+	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.mongodb.org/browse/SERVER-35636
+	NOTE: https://github.com/mongodb/mongo/commit/736d214fe2b1ad7cd9b57c05571b53628124668e (v3.6.13, SSPL)
+	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a69ae445303fc4821c6745866b3902623a385c1c (v3.5.10)
 CVE-2018-20803 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
 	NOTE: https://jira.mongodb.org/browse/SERVER-38070
+	NOTE: https://github.com/mongodb/mongo/commit/a2d97db8fe449d15eb8e275bbf318491781472bf (v3.4.19, AGPL)
+	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/a8176cf1da9fdbcc48334bfb3c71fedf37e77879 (v3.1.7)
 CVE-2018-20802 (A user authorized to perform database queries may trigger denial of se ...)
 	- mongodb <removed>
+	[stretch] - mongodb <not-affected> (Vulnerable code introduced later)
 	NOTE: https://jira.mongodb.org/browse/SERVER-36993
+	NOTE: https://github.com/mongodb/mongo/commit/2b4634bb6512c5345de2ab8f698a687c6cec9973 (v3.6.9, AGPL)
+	NOTE: Introduced by: https://github.com/mongodb/mongo/commit/2f3b96e636329b68809bc63b681a862e3d3bccd5 (v3.6)
 CVE-2017-18363
 	RESERVED
 CVE-2015-9283



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f22b09e50576ef5cfeb21ee72c43dd755df2e7d0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f22b09e50576ef5cfeb21ee72c43dd755df2e7d0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201124/9d5cb50e/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list