Subject: Bug#850931: jessie-pu: package mongodb/1:2.4.10-5

Severity: normal
Tags: jessie
User: [email protected]
Usertags: pu

Dear SRMs,

I would like to update MongoDB in stable to fix two low-impact security

- CVE-2016-6494[1] is fixed by backporting the patch already applied to
2.6 (once in sid).

- TEMP-0833087-C5410D[2] is fixed by reimplementing upstream's fix for
2.6[3] using the infrastructure available in MongoDB 2.4.
Unfortunately the mutable BSON infrastructure used in 2.6 is
incomplete and unusable in 2.4. I benchmarked my own version and
found no measurable performance impact.

Full source debdiff attached.



Attachment: mongodb_2.4.10-5+deb8u1.diff
Description: Text Data

Attachment: signature.asc
Description: PGP signature


Programming list archiving by: Enterprise Git Hosting