Control: tags -1 + pending On Mon, 2017-01-30 at 11:28 +0200, Apollon Oikonomopoulos wrote: > On 16:36 Sat 28 Jan , Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Wed, 2017-01-11 at 12:46 +0200, Apollon Oikonomopoulos wrote: > > > - CVE-2016-6494[1] is fixed by backporting the patch already applied to > > > 2.6 (once in sid). > > > > > > - TEMP-0833087-C5410D[2] is fixed by reimplementing upstream's fix for > > > 2.6[3] using the infrastructure available in MongoDB 2.4. > > > Unfortunately the mutable BSON infrastructure used in 2.6 is > > > incomplete and unusable in 2.4. I benchmarked my own version and > > > found no measurable performance impact. > > > > Please go ahead. > > > > fwiw: > > > > +This fixes TEMP-0833087-C5410D and closes #833087. > > > > The Security Team have previously requested that TEMP-* identifiers not > > be used in changelogs at least; I'm not sure how far that extends to > > things like patch headers. > > Uploaded with the following interdiff:
Flagged for acceptance. Regards, Adam
