CVE-2017-15535 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15535): MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMessageCompressors (aka wire protocol compression), which exposes a vulnerability when enabled that could be exploited by a malicious attacker to deny service or modify memory.
References: https://jira.mongodb.org/browse/SERVER-31273
@ Maintainer(s): Please bump to a fixed ebuild.
https://github.com/gentoo/gentoo/pull/6108
Thanks to Tomáš we have the fixed 3.4.10 now. I cleaned up all previous 3.4.x ebuilds from tree, we should be good now. Thanks!
(In reply to Ultrabug from comment #2)
> Thanks to Tomáš we have the fixed 3.4.10 now.
>
> I cleaned up all previous 3.4.x ebuilds from tree, we should be good now.
>
> Thanks!
Thank you, downgrading it to ~3 since no stable version was affected.
GLSA Vote: No