Your message dated Wed, 27 Mar 2013 12:48:01 +0000 with message-id <e1ukplp-0000h8...@franck.debian.org> and subject line Bug#704042: fixed in mongodb 1:2.0.6-1.1 has caused the Debian Bug report #704042, regarding CVE-2013-1892 -- mongodb: Remote shell access via run method's use of native_helper to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 704042: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704042 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mongodb Severity: grave Tags: security Dear Maintainer, Please see here for details [1] and a link to the upstream commit [2]: [1] https://security-tracker.debian.org/tracker/CVE-2013-1892 [2] https://jira.mongodb.org/browse/SERVER-9124 Regrads -- Prach Pongpanich
--- End Message ---
--- Begin Message ---Source: mongodb Source-Version: 1:2.0.6-1.1 We believe that the bug you reported is fixed in the latest version of mongodb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 704...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> (supplier of updated mongodb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 27 Mar 2013 13:08:10 +0100 Source: mongodb Binary: mongodb mongodb-server mongodb-clients mongodb-dev Architecture: source amd64 Version: 1:2.0.6-1.1 Distribution: testing-proposed-updates Urgency: high Maintainer: Antonin Kral <a.k...@sh.cvut.cz> Changed-By: John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> Description: mongodb - object/document-oriented database (metapackage) mongodb-clients - object/document-oriented database (client apps) mongodb-dev - object/document-oriented database (development) mongodb-server - object/document-oriented database (server package) Closes: 704042 Changes: mongodb (1:2.0.6-1.1) testing-proposed-updates; urgency=high . * Non-maintainer upload. * Include patch to address remote vulnerability CVE-2013-1895 (Closes: #704042). Checksums-Sha1: b02a71c4fded6618f1fb1f1ca053c30f28572046 2251 mongodb_2.0.6-1.1.dsc 0e276274e32c589117635f3d6df0ff0d64a62ae0 2836857 mongodb_2.0.6.orig.tar.gz 89cf9e1753394eb8b79752ab8b8e344aea004b41 24331 mongodb_2.0.6-1.1.debian.tar.gz 7abfa70e320ccbb5d67a170f7d1be9b5a9064965 10456 mongodb_2.0.6-1.1_amd64.deb d7a62719a1a5d8d00858c4a5cebab6ca8bf72fad 4307718 mongodb-server_2.0.6-1.1_amd64.deb b0d0440484fc8550c028fe764c3a5e45a4ac6cd7 16793134 mongodb-clients_2.0.6-1.1_amd64.deb cfbfe473cc54c6a26b645f00f858330a5c918424 1907698 mongodb-dev_2.0.6-1.1_amd64.deb Checksums-Sha256: 2a66b9455d9a406ae047a7b7fa0e56c17f0794ff2f03a9bc1454dbe2bd53d12f 2251 mongodb_2.0.6-1.1.dsc 201133a810c908140ea00f84c8257a96cdd6bb84fa0c0a33e42e478628666c3f 2836857 mongodb_2.0.6.orig.tar.gz 00299de114246e1b3f24d556a17a985b58a2a032e63163d3c308ef1eec02298d 24331 mongodb_2.0.6-1.1.debian.tar.gz 2631c62a0d28228a47aed1782fd51b6623ee93d139b19cc3e498667c446bdd96 10456 mongodb_2.0.6-1.1_amd64.deb 0c225302fabe322d5cc1bfd96097117a94e2ed1b7b0498acc7720cc24d6af710 4307718 mongodb-server_2.0.6-1.1_amd64.deb aaad56ea212a7082694d1f9304a6eb3963a368b68c53df5921cc78a3b4c1f3b2 16793134 mongodb-clients_2.0.6-1.1_amd64.deb d1a7c974050ad413c11afbe5af4da26f7e006172582b7cf141718df16e5c192f 1907698 mongodb-dev_2.0.6-1.1_amd64.deb Files: 2463a70340dc8ab401137a9a834c9842 2251 database optional mongodb_2.0.6-1.1.dsc 111521f1b6b3379b4dd5fbc1e8f038cf 2836857 database optional mongodb_2.0.6.orig.tar.gz 9ceb596dd2608b2164993b4867c2251b 24331 database optional mongodb_2.0.6-1.1.debian.tar.gz ad764fdfbf1f98160d46054d925887ac 10456 database optional mongodb_2.0.6-1.1_amd64.deb 15e14000f1bd2c77afca93f6a9c8eb07 4307718 database optional mongodb-server_2.0.6-1.1_amd64.deb e44aabe6b1cd76b8a366151ed7dd5bb3 16793134 database optional mongodb-clients_2.0.6-1.1_amd64.deb 12b8952deefb0bfc5ddd506507c8fb1d 1907698 libdevel optional mongodb-dev_2.0.6-1.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRUuejAAoJEHQmOzf1tfkTL7YQAIR80wKIvoBkmBLbWKZE8UKM G8f2mZB2l+X3oQ+P+Nd3JLjAESEjEUb7wubJZZsaq8C6/LsZxCDFDBX5QWB/MJs5 vm2KjZvLfysVrN2a4oy/ARvexpvwfBVPyQEk92Uh/0xmYprRuLvogm77MWiwddOI Ns9/zAVmKSKaBnA9DgCW9vlc7LzBGL0NhGBnh3/t4VKwpRKNLKyykVaDutgq46uf WkryrfCNf6vmgvWR9j0NBKfkM6TFlDPdYDSCJa408FFiYKIM1xr3MXYsDO3/wE7g CjgcQ3tRBpsAE7lM9YV90/kVKS5RrLYeJ6CKE2GrEkZg0QqJIk8LxuFRbzIoFPgz Huw27ELsBULneFcqkoDlU9fLBYG0cndluj60eQPGLgZyzL+x0rO6a2BwRXpiAPrK rN01s3fS4LOuUD+iEMdBfZStxGWmAulH3tvcx/iWVVyx1K9rQzi6kNUnRLT+sbhm SNRTwRZGbYqNogxEh0RpSQoo0sBkFD/L2TBAcqLdvdCLuAjwNiafAq/D711ODrpq SBcuKXjfRRtSmETFAShdbNbiEKPKPbGflrs5EteeNAdIF2x2/8ikEaakbqoy7ymu n/CWcukxSAz5J/z/QMP0Kz5HnsRdYSrLoge40CJq+JLUSxe2yTwDP+T3RecLVPwR hLv1uECl4DWRqrWjjbrU =uHx3 -----END PGP SIGNATURE-----
--- End Message ---
