From ${URL} : A user triggerable null pointer occurs when parsing invalid DBref records. This was reported by Jibbers McGee. This can be triggered in Mongo shell: db.python532.insert({x : {"$ref" : "whatever"} }); Or in Python shell: import pymongo pymongo.MongoClient().test.python532.find_one() A workaround is reportedly available: Add "process_dbrefs=False" to all the drivers External reference: https://jira.mongodb.org/browse/PYTHON-532 A source code update is available at: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Thx ago, this package has no stable candidate for now. Bumped in tree. +*pymongo-2.5.2 (02 Jun 2013) + + 02 Jun 2013; Ultrabug <ultrabug@gentoo.org> -pymongo-2.3.ebuild, + -pymongo-2.5.ebuild, -pymongo-2.5.1.ebuild, +pymongo-2.5.2.ebuild: + fix #472046 wrt #472034, drop old +
*** Bug 477324 has been marked as a duplicate of this bug. ***
Closing as noglsa.
CVE-2013-2132 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2132): bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."
