Bug#850931: jessie-pu: package mongodb/1:2.4.10-5

To: Apollon Oikonomopoulos <apoikos@debian.org>, 850931@bugs.debian.org
Subject: Bug#850931: jessie-pu: package mongodb/1:2.4.10-5
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 12 Feb 2017 22:40:52 +0000
Message-id: <[🔎] 1486939252.1837.65.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 850931@bugs.debian.org
In-reply-to: <20170130092849.4mk4bmfp7z2p4jvm@marvin.dmesg.gr>
References: <20170111104610.rlv6vweacbhq6eux@marvin.dmesg.gr> <1485621391.1797.19.camel@adam-barratt.org.uk> <20170130092849.4mk4bmfp7z2p4jvm@marvin.dmesg.gr>

Control: tags -1 + pending

On Mon, 2017-01-30 at 11:28 +0200, Apollon Oikonomopoulos wrote:
> On 16:36 Sat 28 Jan     , Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Wed, 2017-01-11 at 12:46 +0200, Apollon Oikonomopoulos wrote:
> > >  - CVE-2016-6494[1] is fixed by backporting the patch already applied to 
> > >    2.6 (once in sid).
> > > 
> > >  - TEMP-0833087-C5410D[2] is fixed by reimplementing upstream's fix for 
> > >    2.6[3] using the infrastructure available in MongoDB 2.4.  
> > >    Unfortunately the mutable BSON infrastructure used in 2.6 is 
> > >    incomplete and unusable in 2.4. I benchmarked my own version and 
> > >    found no measurable performance impact.
> > 
> > Please go ahead.
> > 
> > fwiw:
> > 
> > +This fixes TEMP-0833087-C5410D and closes #833087.
> > 
> > The Security Team have previously requested that TEMP-* identifiers not
> > be used in changelogs at least; I'm not sure how far that extends to
> > things like patch headers.
> 
> Uploaded with the following interdiff:

Flagged for acceptance.

Regards,

Adam

Reply to:

Prev by Date: NEW changes in stable-new
Next by Date: Processed: Re: Bug#850931: jessie-pu: package mongodb/1:2.4.10-5
Previous by thread: NEW changes in stable-new
Next by thread: Processed: Re: Bug#850931: jessie-pu: package mongodb/1:2.4.10-5
Index(es):
- Date
- Thread