From ${URL} :

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4650 to the following vulnerability:

MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.

References:
[1] http://www.mongodb.org/about/alerts/

External References:
https://jira.mongodb.org/browse/SERVER-9983

Upstream patches:
* against 2.4 branch:
  [2] https://github.com/mongodb/mongo/commit/23344f8b7506df694f66999693ee3c00dfd6afae
  [3] https://github.com/mongodb/mongo/commit/6ad56b63d33987ed153ba757e9f8169ef670f58e
* against master branch:
  [4] https://github.com/mongodb/mongo/commit/c5ad04549e40b1069029026081d9324e9e06156c
  [5] https://github.com/mongodb/mongo/commit/fc9491ee7be6a7dc8a92a8422468284359073545

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
04 Jul 2013; Ultrabug <ultrabug@gentoo.org> -mongodb-2.4.4.ebuild:
drop CVE affected ebuilds wrt #475750

*mongodb-2.4.5 (04 Jul 2013)

04 Jul 2013; Ultrabug <ultrabug@gentoo.org> -mongodb-2.4.5_rc0.ebuild, +mongodb-2.4.5.ebuild:
version bump, drop old

thx ago, the tree is clean and no stable candidate exists
We're done here, then.
CVE-2013-4650 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4650):
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.