[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9
Thanks a lot costamagnagianfranco! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1750824 Title: Vulnerability in MongoDb version 3.4 up to 3.4.9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1750824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1750824] [NEW] Vulnerability in MongoDb version 3.4 up to 3.4.9
Public bug reported: Hello, please see the following vulnerablitiy: https://www.cvedetails.com/cve/CVE-2017-15535/ And the corresponding ticket confirming the vulnerability and the fix: https://jira.mongodb.org/browse/SERVER-31273 The upcoming Ubuntu 18.04 release will include only MongoDb Version 3.4.7 Is it possible to upgrade the package for bionic to the current latest version 3.6.3. This version also includes the bind to localhost by default, as is the case for the packages in the official Ubuntu repositories. https://docs.mongodb.com/manual/release-notes/3.6-compatibility/ Please consider this upgrade, as it contains many more bugfixes. ** Affects: mongodb (Ubuntu) Importance: Undecided Status: New ** Tags: upgrade-software-version vulnerability -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1750824 Title: Vulnerability in MongoDb version 3.4 up to 3.4.9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1750824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9
** Description changed: Hello, please see the following vulnerablitiy: https://www.cvedetails.com/cve/CVE-2017-15535/ + + And the corresponding ticket confirming the vulnerability and the fix: + https://jira.mongodb.org/browse/SERVER-31273 The upcoming Ubuntu 18.04 release will include only MongoDb Version 3.4.7 Is it possible to upgrade the package for bionic to the current latest version 3.6.3. This version also includes the bind to localhost by default, as is the case for the packages in the official Ubuntu repositories. https://docs.mongodb.com/manual/release-notes/3.6-compatibility/ Please consider this upgrade, as it contains many more bugfixes. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1750824 Title: Vulnerability in MongoDb version 3.4 up to 3.4.9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1750824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9
Hello Robie Basak, I tried to squeeze this in before the feature freeze, but it was only only several days. > In theory yes, but this requires volunteers and we currently have none and we're well after feature freeze now. Is there any chance that the mongodb package for bionic will be updated to a 3.6 version after release? I would like to volunteer to do this, because in my work setting we try to rely on the Packages from official Ubuntu repositories. The problem is I dont have the necessary experience with packaging for Ubuntu, but if you can point me to some ressources on how I would approach this this would be very nice. Maybe in the future I would be able to help. Greetings from Heidelberg, Germany. Nils Weiher -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1750824 Title: Vulnerability in MongoDb version 3.4 up to 3.4.9 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1750824/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
