Hi Ben
Thank you for this information. Very good to know.
/ Ola
Sent from a phone
On Mon, 2016-08-08 at 11:52 +0200, Ola Lundqvist wrote:
> Package : mongodb
> Version : 2.0.6-1+deb7u1
> CVE ID : CVE-2016-6494
> Debian Bug : 832908, 833087
>
> Two security related problems have been found in the mongodb
> package, related to logging.
>
> CVE-2016-6494
> World-readable .dbshell history file
>
> TEMP-0833087-C5410D
> Bruteforcable challenge responses in unprotected logfile
[...]
This temporary ID is not stable and shouldn't be used in a DLA or DSA.
The Debian bug number, which you already included, is more useful.
Ben.
--
Ben Hutchings
Beware of bugs in the above code;
I have only proved it correct, not tried it. - Donald Knuth