[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does CVE-2015-1609 apply to squeeze's version of mongodb?

Hi,

On Tue, 10 Mar 2015, László Böszörményi (GCS) wrote:
> On Tue, Mar 10, 2015 at 4:24 PM, Raphael Hertzog <hertzog@debian.org> wrote:
> > I'm wondering whether CVE-2015-1609 is affecting the squeeze version. The
> > code base is vastly different between 1.4.4 and the current supported
> > releases.
>  I think it's not affected, but I'm not a security expert and don't
> have the exploit to test it against 1.4.x versions. I think neither
> the Wheezy version (v2.0) is affected. BSON support is modularized in
> it, but can't find the affected file nor the function in the source.
> It would be much better if someone with more security knowledge
> approve or refute me in this matter.

Do you know some upstream developers who could confirm/infirm this?

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Reply to: