Your message dated Sun, 16 Jun 2013 18:34:26 +0000
with message-id <e1uohmu-0005jc...@franck.debian.org>
and subject line Bug#710597: fixed in pymongo 2.2-4+deb7u1
has caused the Debian Bug report #710597,
regarding pymongo: CVE-2013-2132: null pointer when decoding invalid DBRef
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
710597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pymongo
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for pymongo.
CVE-2013-2132[0]:
null pointer when decoding invalid DBRef
See [1] for details and upstream bug report including reproducer for
the issue. A patch was applied upstream in [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2132
http://security-tracker.debian.org/tracker/CVE-2013-2132
[1] https://jira.mongodb.org/browse/PYTHON-532
[2] https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
I have checked 2.2-4, which seems affected. Please adjust the affected
versions in the BTS as needed.
Thanks for your work and regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pymongo
Source-Version: 2.2-4+deb7u1
We believe that the bug you reported is fixed in the latest version of
pymongo, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 710...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Federico Ceratto <federico.cera...@gmail.com> (supplier of updated pymongo
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 01 Jun 2013 18:38:42 +0100
Source: pymongo
Binary: python-pymongo python-pymongo-ext python-pymongo-doc python-gridfs python-bson python-bson-ext
Architecture: source amd64 all
Version: 2.2-4+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: Federico Ceratto <federico.cera...@gmail.com>
Changed-By: Federico Ceratto <federico.cera...@gmail.com>
Description:
python-bson - Python implementation of BSON for MongoDB
python-bson-ext - C-coded extension to the python-bson package
python-gridfs - Python implementation of GridFS for MongoDB
python-pymongo - Python interface to the MongoDB document-oriented database
python-pymongo-doc - Python interface to the MongoDB document-oriented database (docum
python-pymongo-ext - C-coded extension to the python-pymongo package
Closes: 710597
Changes:
pymongo (2.2-4+deb7u1) stable-security; urgency=high
.
* Fix "CVE-2013-2132: null pointer when decoding invalid DBRef"
Backported upstream patches from version 2.5 (Closes: #710597)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlGvMZQACgkQNxpp46476ap0iACfThdlk5ElUMSxrlDsZPYHy+yM
994An2ryaWl857C6KEHnjDBThn4MTCDV
=kWAi
-----END PGP SIGNATURE-----
--- End Message ---