Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130719050056.GA9059@inutil.org>
Date: Fri, 19 Jul 2013 07:00:56 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: kseifried@...hat.com, Andreas Nilsson <andreas.nilsson@...en.com>,
	Florian <floriangaultier@...il.com>,
	"A. Jesse Jiryu Davis" <jesse@...en.com>
Subject: Re: CVE Request - MongoDB <=2.4.4 uninitialized
	object

On Thu, Jul 18, 2013 at 08:14:39AM -0400, Dan Pasette wrote:
> We already requested CVE-2013-2132 for this and it was fixed in version
> 2.4.5.
> 
> We announced it on mongodb-announce and have it listed in our alerts page
> here: http://www.mongodb.org/about/alerts/

CVE-2013-2132 was already assigned to this issue in the Python driver:
http://www.openwall.com/lists/oss-security/2013/05/31/6
https://jira.mongodb.org/browse/PYTHON-532
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2132

While "your" CVE-2013-2132 refers to
https://jira.mongodb.org/browse/SERVER-9878, which AFAICS is a different
issue.

Cheers,
        Moritz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.