projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fbc5486) | patch
package/mongodb: security bump to version 4.0.12
authorPeter Korsgaard <peter@korsgaard.com>
Tue, 1 Oct 2019 21:04:21 +0000 (23:04 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Wed, 2 Oct 2019 06:08:45 +0000 (08:08 +0200)
commit165e9c163c4d28025a5e1d3e5e6cfd0ad6476a7e
tree280166d26b44e0b1f3d4a378bb09eefb31be8064tree
parentfbc54866a34008a7880447ef1b2994c5701925cbcommit | diff
package/mongodb: security bump to version 4.0.12

Fixes the following (low severity) security vulnerabilities:

4.0.9:

- CVE-2019-2386: After user deletion in MongoDB Server the improper
  invalidation of authorization sessions allows an authenticated user's
  session to persist and become conflated with new accounts, if those
  accounts reuse the names of deleted ones
  https://jira.mongodb.org/browse/SERVER-38984

4.0.11:

- CVE-2019-2389: Incorrect scoping of kill operations in MongoDB Server's
  packaged SysV init scripts allow users with write access to the PID file
  to insert arbitrary PIDs to be killed when the root user stops the MongoDB
  process via SysV init
  https://jira.mongodb.org/browse/SERVER-40563

- CVE-2019-2390: An unprivileged user or program on Microsoft Windows which
  can create OpenSSL configuration files in a fixed location may cause
  utility programs shipped with MongoDB server versions less than 4.0.11
  https://jira.mongodb.org/browse/SERVER-42233

Plus a number of other bugfixes. For details, see the release notes:
https://docs.mongodb.com/manual/release-notes/4.0/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/mongodb/mongodb.hash diff | blob | history
package/mongodb/mongodb.mk diff | blob | history