Bug#850931: jessie-pu: package mongodb/1:2.4.10-5
Control: tags -1 + pending
On Mon, 2017-01-30 at 11:28 +0200, Apollon Oikonomopoulos wrote:
> On 16:36 Sat 28 Jan , Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> >
> > On Wed, 2017-01-11 at 12:46 +0200, Apollon Oikonomopoulos wrote:
> > > - CVE-2016-6494[1] is fixed by backporting the patch already applied to
> > > 2.6 (once in sid).
> > >
> > > - TEMP-0833087-C5410D[2] is fixed by reimplementing upstream's fix for
> > > 2.6[3] using the infrastructure available in MongoDB 2.4.
> > > Unfortunately the mutable BSON infrastructure used in 2.6 is
> > > incomplete and unusable in 2.4. I benchmarked my own version and
> > > found no measurable performance impact.
> >
> > Please go ahead.
> >
> > fwiw:
> >
> > +This fixes TEMP-0833087-C5410D and closes #833087.
> >
> > The Security Team have previously requested that TEMP-* identifiers not
> > be used in changelogs at least; I'm not sure how far that extends to
> > things like patch headers.
>
> Uploaded with the following interdiff:
Flagged for acceptance.
Regards,
Adam
Reply to: