[Git][security-tracker-team/security-tracker][master] add fix commits for mongo-c-driver CVES (CVE-2024-6383, CVE-2024-6381, CVE-2023-0437

Roberto C. Sánchez (@roberto) roberto at debian.org
Fri Apr 18 21:29:58 BST 2025



Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4795427c by Roberto C. Sánchez at 2025-04-18T16:29:43-04:00
add fix commits for mongo-c-driver CVES (CVE-2024-6383, CVE-2024-6381, CVE-2023-0437

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -84293,6 +84293,8 @@ CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be vulner
 	[bookworm] - mongo-c-driver <no-dsa> (Minor issue)
 	[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
 	NOTE: https://jira.mongodb.org/browse/CDRIVER-5628
+	NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/1d642e461e7c0e26abe3a90c7bbac081ac4a0053 (1.28.0)
+	NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/7c34461863211be172e6317221d72e4429bed45e (1.27.1)
 CVE-2024-6284 (In  https://github.com/google/nftables IP addresses were encoded in th ...)
 	- golang-github-google-nftables 0.1.0-4 (bug #1071247)
 	[bookworm] - golang-github-google-nftables 0.1.0-4~deb12u1
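
Review bot: the two added "Fixed by:" lines for CVE-2024-6383 list two different commits without saying how they relate. The tags (1.28.0) and (1.27.1) suggest one mainline fix and one release-branch backport; if so, marking the 1.27.1 line as the backport would let whoever prepares a bookworm or bullseye update pick the right patch without opening both commits.
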
@@ -84533,6 +84535,8 @@ CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be
 	[bookworm] - mongo-c-driver <no-dsa> (Minor issue)
 	[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
 	NOTE: https://jira.mongodb.org/browse/CDRIVER-5622
+	NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/361c2e669be1c41f9638530b3867f316e96692bb (1.27.0)
+	NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/effd95c34ad421df94eec7c69236f0e4172552d0 (1.26.2)
 CVE-2024-6341
 	REJECTED
 CVE-2024-6264 (The Post Meta Data Manager plugin for WordPress is vulnerable to Store ...)
@@ -194924,6 +194928,8 @@ CVE-2023-0437 (When calling bson_utf8_validateon some inputs a loop with an exit
 	[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
 	[buster] - mongo-c-driver <ignored> (Minor issue)
 	NOTE: https://jira.mongodb.org/browse/CDRIVER-4747
+	NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/fd3a978b35cac8f3c78c4d9a1b08fd5aa4d440b8 (1.25.0)
+	NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/be865dd759a28aa268232766f304d1bc11f1e8f7 (1.24.5)
 CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may print s ...)
 	NOT-FOR-US: MongoDB Atlas Kubernetes Operator
 CVE-2022-48282 (Under very specific circumstances (see Required configuration section  ...)
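
Review bot: the CVE-2023-0437 entry now records where the issue was fixed (1.25.0 and 1.24.5) but still not where it was introduced, while [bullseye] stays no-dsa and [buster] stays ignored. If the introducing commit or first affected version is known, an "Introduced by:" NOTE next to the added lines would show whether those older suites carry the affected loop at all.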



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4795427c60fde1103f6171873e940a2e0228a831
