Does CVE-2015-1609 apply to squeeze's version of mongodb?

To: Laszlo Boszormenyi <gcs@debian.org>, 780129@bugs.debian.org
Cc: debian-lts@lists.debian.org, kapouer@melix.org
Subject: Does CVE-2015-1609 apply to squeeze's version of mongodb?
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 10 Mar 2015 16:24:37 +0100
Message-id: <[🔎] 20150310152437.GA14564@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Laszlo Boszormenyi <gcs@debian.org>, 780129@bugs.debian.org, debian-lts@lists.debian.org, kapouer@melix.org

Hello Laszlo,

I'm wondering whether CVE-2015-1609 is affecting the squeeze version. The
code base is vastly different between 1.4.4 and the current supported
releases.

The upstream announces mentions that it affects all "production releases"
but 1.4.4 is not part of the current production releases AFAIU.

I don't have any specific knowledge of that codebase and would like to
have your analysis on this issue.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Re: Does CVE-2015-1609 apply to squeeze's version of mongodb?
  - From: László Böszörményi (GCS) <gcs@debian.org>

Prev by Date: Re: Bug#780201: new codename needed for oldstable (due to squeeze-lts) when stable becomes oldstable
Next by Date: About the security issues affecting openldap in Squeeze
Previous by thread: About the security issues affecting macchanger in Squeeze
Next by thread: Re: Does CVE-2015-1609 apply to squeeze's version of mongodb?
Index(es):
- Date
- Thread