Summary: | <dev-db/mongodb-{4.2.15,4.4.4}: DoS via crafted find query (CVE-2021-20326) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | | |
Severity: | minor | CC: | hydrapolic, ultrabug |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://jira.mongodb.org/browse/SERVER-53929 | | |
Whiteboard: | B3 [glsa?] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 809583 | | |
Bug Blocks: | | | |

Description
John Helmert III
2021-06-24 01:00:16 UTC
(Removing glibc-2.34 blocker bug).

Shall we?

(Please file a new bug and have this bug depend on it.)

I'd wait for https://github.com/gentoo/gentoo/pull/22052 being merged and then stabilize the latest 4.2 and 4.4. I'm also doing a binary package to deploy on some servers to test the glibc-2.34 patch (probably during the next week).

I cleaned up some useless versions already, please proceed

It's unclear to me which versions are actually fixed for each branch (and thus need stabilization). CVE/issue says 4.4.4, but there are obviously other branches, what's the fixed version for 4.2.x?

(In reply to John Helmert III from comment #6)
> It's unclear to me which versions are actually fixed for each branch (and
> thus need stabilization). CVE/issue says 4.4.4, but there are obviously
> other branches, what's the fixed version for 4.2.x?

We have branches 4.2, 4.4 and 5.0 in portage. We are not going to stabilize 5.0 yet, so that's why the latest 4.2 and 4.4 versions are marked for stabilization.

Resetting sanity check; package list is empty or all packages are done.

Please cleanup.

cleanup done

Thanks!