Information on source package mongodb

Available versions

ReleaseVersion
jessie1:2.4.10-5+deb8u1
stretch1:3.2.11-2+deb9u1
sid1:3.4.18-2

Open issues

BugjessiestretchsidDescription
CVE-2019-2389vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerableIncorrect scoping of kill operations in MongoDB Server's packaged SysV ...
CVE-2019-2386vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerableAfter user deletion in MongoDB Server the improper invalidation of aut ...
CVE-2016-3104vulnerable (no DSA)fixedfixedmongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remot ...

Open unimportant issues

BugjessiestretchsidDescription
CVE-2015-2328vulnerablevulnerablevulnerablePCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...
CVE-2015-2327vulnerablevulnerablevulnerablePCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern ...

Resolved issues

BugDescription
TEMP-0833087-C5410Dbruteforcable challenge responses in unprotected logfile
CVE-2017-15535MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by- ...
CVE-2016-6494The client in MongoDB uses world-readable permissions on .dbshell hist ...
CVE-2015-7882Improper handling of LDAP authentication in MongoDB Server versions 3. ...
CVE-2015-1609MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers t ...
CVE-2014-3971The CmdAuthenticate::_authenticateX509 function in db/commands/authent ...
CVE-2013-4650MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authen ...
CVE-2013-3969The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2 ...
CVE-2013-1892MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...
CVE-2012-6619The default configuration for MongoDB before 2.3.2 does not validate o ...

Security announcements

DSA / DLADescription
DLA-588-2mongodb - regression update
DLA-588-1mongodb - security update

Search for package or bug name: Reporting problems