Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: def96603 by Salvatore Bonaccorso at 2020-02-24T06:31:12+01:00 mongodb removed from unstable - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -72266,7 +72266,7 @@ CVE-2019-2391 CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create ...) NOT-FOR-US: Microsoft CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...) - - mongodb <unfixed> (low) + - mongodb <removed> (low) [stretch] - mongodb <ignored> (Minor issue) [jessie] - mongodb <ignored> (Minor issue) CVE-2019-2388 @@ -72274,7 +72274,7 @@ CVE-2019-2388 CVE-2019-2387 RESERVED CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...) - - mongodb <unfixed> (low; bug #934783) + - mongodb <removed> (low; bug #934783) [stretch] - mongodb <ignored> (Minor issue) [jessie] - mongodb <ignored> (Trivial workaround available) NOTE: https://jira.mongodb.org/browse/SERVER-38984 @@ -232943,7 +232943,7 @@ CVE-2015-2749 (Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x bef CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...) NOT-FOR-US: WooCommerce plugin for WordPress CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...) - - mongodb <unfixed> (unimportant) + - mongodb <removed> (unimportant) NOTE: CVE for bundled version of pcre3 in mongodb NOTE: https://jira.mongodb.org/browse/SERVER-17252 NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3 @@ -232955,7 +232955,7 @@ CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and rel NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498 NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/4 CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern ...) - - mongodb <unfixed> (unimportant) + - mongodb <removed> (unimportant) NOTE: CVE for bundled version of pcre3 in mongodb NOTE: https://jira.mongodb.org/browse/SERVER-17252 NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/def9660363b5ccca5ef91d59aa365497277911bc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/def9660363b5ccca5ef91d59aa365497277911bc You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits