From ${URL} :

Egor Homakov recently disclosed a vulnerability in the `bson` rubygem as seen here: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

Could we please get a CVE?

By submitting a specially crafted string to a service relying on the bson rubygem, an attacker may trigger denials of service or even inject data into victim's MongoDB instances.

Users are advised to update to versions >= 3.0.4 of the `bson` rubygem.

Relevant commits can be seen here: https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
bson-3.0.4 is now in the tree. There are no stable versions.
(In reply to Hans de Graaff from comment #1)
> bson-3.0.4 is now in the tree. There are no stable versions.

Are the old versions affected? If yes, you need to clean up.
Please Cleanup: 1.6.2-r1, 1.12.0, 2.3.0
It has been 30 days, please clean up!
./dev-ruby/mongo/mongo-1.12.0.ebuild:ruby_add_rdepend "~dev-ruby/bson-${PV}"
Maintainer(s), thank you for the cleanup. Thank you all. Closing as noglsa.