[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-04-12 Thread Nils Weiher
Thanks a lot costamagnagianfranco! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1750824 Title: Vulnerability in MongoDb version 3.4 up to 3.4.9 To manage notifications about this bug go to: https:

[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-04-12 Thread LocutusOfBorg via ubuntu-bugs
(I honestly don't care about fixing this CVE for artful, that will go EOL in 3 months). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1750824 Title: Vulnerability in MongoDb version 3.4 up to 3.4.9

[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-04-12 Thread LocutusOfBorg via ubuntu-bugs
of course, if somebody points out a patch, I'll be happy to do some paperwork and ask security team to upload it (if the patch is just few lines and is not "update to the latest version in artful too) :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subsc

[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-04-12 Thread LocutusOfBorg via ubuntu-bugs
I uploaded 3.4.14 in bionic, and 3.6 will follow in the next few days (before the release). ** Changed in: mongodb (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.

[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-03-23 Thread Nils Weiher
Hello Robie Basak, I tried to squeeze this in before the feature freeze, but it was only only several days. > In theory yes, but this requires volunteers and we currently have none and we're well after feature freeze now. Is there any chance that the mongodb package for bionic will be updated to

[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-03-22 Thread Robie Basak
** Changed in: mongodb (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1750824 Title: Vulnerability in MongoDb version 3.4 up to 3.4.9 To manage notifications a

[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-03-22 Thread Robie Basak
> Is it possible to upgrade the package for bionic to the current latest version 3.6.3. In theory yes, but this requires volunteers and we currently have none and we're well after feature freeze now. Unfortunately in my testing 3.4.14 fails to build with the current packaging so bumping to 3.4.14

[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-02-21 Thread Nils Weiher
** Description changed: Hello, please see the following vulnerablitiy: https://www.cvedetails.com/cve/CVE-2017-15535/ + + And the corresponding ticket confirming the vulnerability and the fix: + https://jira.mongodb.org/browse/SERVER-31273 The upcoming Ubuntu 18.04 release will i

[Bug 1750824] Re: Vulnerability in MongoDb version 3.4 up to 3.4.9

2018-02-21 Thread Hans Joachim Desserud
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15535 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1750824 Title: Vulnerability in MongoDb version 3.4 up to 3.4.9 To manage notif