On Mon, 2016-08-08 at 11:52 +0200, Ola Lundqvist wrote: > Package : mongodb > Version : 2.0.6-1+deb7u1 > CVE ID : CVE-2016-6494 > Debian Bug : 832908, 833087 > > Two security related problems have been found in the mongodb > package, related to logging. > > CVE-2016-6494 > World-readable .dbshell history file > > TEMP-0833087-C5410D > Bruteforcable challenge responses in unprotected logfile [...] This temporary ID is not stable and shouldn't be used in a DLA or DSA. The Debian bug number, which you already included, is more useful. Ben. -- Ben Hutchings Beware of bugs in the above code; I have only proved it correct, not tried it. - Donald Knuth
Attachment:
signature.asc
Description: This is a digitally signed message part