23696 – libbson new security issue CVE-2018-16790

Bug 23696 - libbson new security issue CVE-2018-16790

Summary: libbson new security issue CVE-2018-16790

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: major
Target Milestone:	---
Assignee:	Guillaume Rousse
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-10-15 23:24 CEST by David Walser
Modified:	2018-10-27 15:15 CEST (History)
CC List:	0 users

See Also:
Source RPM:	libbson-1.9.5-2.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2018-10-15 23:24:00 CEST

Fedora has issued an advisory on September 27:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BC6MFRYMLTJFVCRWXWISXI4R7J5WII4T/

Comment 1 David Walser 2018-10-15 23:28:55 CEST

mongo-c-driver update to go along with this:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/I52YWZHMPGILYFVMDMTX7UPL4BHSYXYB/

Comment 2 Guillaume Rousse 2018-10-27 10:37:12 CEST

mongo-c-driver package updated in cauldron.

Comment 3 Guillaume Rousse 2018-10-27 10:37:33 CEST

Fixed.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 4 David Walser 2018-10-27 14:29:22 CEST

You forgot to fix libbson.

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 5 Guillaume Rousse 2018-10-27 15:11:51 CEST

libbson standalone package is obsolete, its content is now provided by mongo-c-driver package. Excepted removing it from mirrors (which seem to be already done), there isn't much to fix.

Comment 6 David Walser 2018-10-27 15:15:32 CEST

I see, thanks.

Resolution: (none) => FIXED
Status: REOPENED => RESOLVED

Note You need to log in before you can comment on or make changes to this bug.