From d146485de18f807015a17926918c7c4a02de48a5 Mon Sep 17 00:00:00 2001 From: Fabrice Fontaine Date: Tue, 25 Jan 2022 18:34:22 +0100 Subject: [PATCH] package/mongodb: security bump to version 4.2.18 Fix CVE-2021-20330: An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6. Drop third patch (already in version) https://docs.mongodb.com/master/release-notes/4.2/ Signed-off-by: Fabrice Fontaine Signed-off-by: Thomas Petazzoni (cherry picked from commit 49bbf644d4acd3dfe6f3fd0db39e6fed78abf58f) Signed-off-by: Peter Korsgaard
---
 package/mongodb/mongodb.hash | 2 +- package/mongodb/mongodb.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/mongodb/mongodb.hash b/package/mongodb/mongodb.hash
index 3b2580cc43..02da8ad452 100644
--- a/package/mongodb/mongodb.hash
+++ b/package/mongodb/mongodb.hash
@@ -1,4 +1,4 @@
 # Locally computed:
-sha256 ab5a8b6e967614a8ad67c0ca87124c4f380d4a476508973a7995d54ed902b02e mongodb-src-r4.2.11.tar.gz
+sha256 5bbb9567cc1f358ac7d9f37d9fe749862728bdf9f742d1dfc5e35a8b6c2985ba mongodb-src-r4.2.18.tar.gz
 sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 APACHE-2.0.txt
 sha256 09d99ca61eb07873d5334077acba22c33e7f7d0a9fa08c92734e0ac8430d6e27 LICENSE-Community.txt
diff --git a/package/mongodb/mongodb.mk b/package/mongodb/mongodb.mk
index 377484a00b..8220999df7 100644
--- a/package/mongodb/mongodb.mk
+++ b/package/mongodb/mongodb.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
-MONGODB_VERSION = 4.2.11
+MONGODB_VERSION = 4.2.18
 MONGODB_SITE = https://fastdl.mongodb.org/src
 MONGODB_SOURCE = mongodb-src-r$(MONGODB_VERSION).tar.gz