Date: Fri, 19 Jul 2013 07:00:56 +0200 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Cc: kseifried@...hat.com, Andreas Nilsson <andreas.nilsson@...en.com>, Florian <floriangaultier@...il.com>, "A. Jesse Jiryu Davis" <jesse@...en.com> Subject: Re: CVE Request - MongoDB <=2.4.4 uninitialized object On Thu, Jul 18, 2013 at 08:14:39AM -0400, Dan Pasette wrote: > We already requested CVE-2013-2132 for this and it was fixed in version > 2.4.5. > > We announced it on mongodb-announce and have it listed in our alerts page > here: http://www.mongodb.org/about/alerts/ CVE-2013-2132 was already assigned to this issue in the Python driver: http://www.openwall.com/lists/oss-security/2013/05/31/6 https://jira.mongodb.org/browse/PYTHON-532 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2132 While "your" CVE-2013-2132 refers to https://jira.mongodb.org/browse/SERVER-9878, which AFAICS is a different issue. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.