Bug#850931: jessie-pu: package mongodb/1:2.4.10-5
Control: tags -1 + confirmed
On Wed, 2017-01-11 at 12:46 +0200, Apollon Oikonomopoulos wrote:
> - CVE-2016-6494[1] is fixed by backporting the patch already applied to
> 2.6 (once in sid).
>
> - TEMP-0833087-C5410D[2] is fixed by reimplementing upstream's fix for
> 2.6[3] using the infrastructure available in MongoDB 2.4.
> Unfortunately the mutable BSON infrastructure used in 2.6 is
> incomplete and unusable in 2.4. I benchmarked my own version and
> found no measurable performance impact.
Please go ahead.
fwiw:
+This fixes TEMP-0833087-C5410D and closes #833087.
The Security Team have previously requested that TEMP-* identifiers not
be used in changelogs at least; I'm not sure how far that extends to
things like patch headers.
Regards,
Adam
Reply to: