| Summary: | <dev-python/pymongo-2.5.2 : Null pointer when decoding invalid DBRef (CVE-2013-2132) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | bugs, julien, proxy-maint, python, ultrabug |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=969560 | | |
| Whiteboard: | ~3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-06-01 19:09:56 UTC
Thx ago, this package has no stable candidate for now. Bumped in tree.

+*pymongo-2.5.2 (02 Jun 2013) + + 02 Jun 2013; Ultrabug <ultrabug@gentoo.org> -pymongo-2.3.ebuild, + -pymongo-2.5.ebuild, -pymongo-2.5.1.ebuild, +pymongo-2.5.2.ebuild: + fix #472046 wrt #472034, drop old +

*** Bug 477324 has been marked as a duplicate of this bug. ***

Closing as noglsa.

CVE-2013-2132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2132): bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."