<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 07:49:37 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-5109] Comment on: &quot;about/alerts.txt#security-related&quot;</title>
                <link>https://jira.mongodb.org/browse/DOCS-5109</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;p&gt;03/25/2015	mongod	Remotely trigger a denial of service (crash) via a specially crafted regular expression.	2.6.8 and earlier, 3.0.0	2.6.9 and 3.0.1	CVE-2015-2327, CVE-2015-2328	&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-17252&quot; title=&quot;Upgrade PCRE Version from 8.30 to Latest&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-17252&quot;&gt;&lt;del&gt;SERVER-17252&lt;/del&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-17252&quot; title=&quot;Upgrade PCRE Version from 8.30 to Latest&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-17252&quot;&gt;&lt;del&gt;SERVER-17252&lt;/del&gt;&lt;/a&gt; references CVE-2014-8964 within the ticket, and does not mention either CVE-2015-232x ID on the alerts page. There is no public reference to those two CVEs, and no indication if this is a typo, problems in MongoDB, or problems in PCRE since the original ticket is based on issues in that package. Can you clarify what those two CVE IDs relate to?&lt;/p&gt;
</description>
                <environment>&lt;br/&gt;
&lt;br/&gt;
*Location*: &lt;a href=&quot;http://www.mongodb.org/about/alerts/#security-related&quot;&gt;http://www.mongodb.org/about/alerts/#security-related&lt;/a&gt;&lt;br/&gt;
*User-Agent*: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.17&lt;br/&gt;
*Screen Resolution*: 1920 x 1080&lt;br/&gt;
*repo*: mongodb-www-about&lt;br/&gt;
*source*: alerts&lt;br/&gt;
</environment>
        <key id="192046">DOCS-5109</key>
            <summary>Comment on: &quot;about/alerts.txt#security-related&quot;</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="osvdb">Brian Martin</reporter>
                        <labels>
                            <label>collector-298ba4e7</label>
                    </labels>
                <created>Wed, 25 Mar 2015 23:03:57 +0000</created>
                <updated>Fri, 3 Nov 2017 11:16:42 +0000</updated>
                            <resolved>Wed, 1 Apr 2015 20:38:02 +0000</resolved>
                                                    <fixVersion>01112017-cleanup</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="864531" author="chris.sandulow" created="Thu, 26 Mar 2015 02:01:26 +0000"  >&lt;p&gt;Brian&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8964&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;CVE-2014-8964&lt;/a&gt; was issued for a vulnerability in a third party PCRE library. &lt;/p&gt;

&lt;p&gt;The MongoDB versions listed in ( &lt;a href=&quot;http://www.mongodb.org/about/alerts/#security-related&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://www.mongodb.org/about/alerts/#security-related&lt;/a&gt; ) are vulnerable to denial of service as they use this version of PCRE.&lt;/p&gt;

&lt;p&gt;Even though the actual vulnerability is in the underlying PCRE library, we received a vulnerability report from a third party regarding exploiting this version of PCRE in MongoDB to cause a denial of service. That external party requested CVEs for the issues they identified in MongoDB and those CVEs are CVE-2015-2327 and CVE-2015-2328.&lt;/p&gt;

&lt;p&gt;I understand this can be confusing; we will update &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-17252&quot; title=&quot;Upgrade PCRE Version from 8.30 to Latest&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-17252&quot;&gt;&lt;del&gt;SERVER-17252&lt;/del&gt;&lt;/a&gt; with more detail to help clarify this.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 26 Mar 2015 00:22:29 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        8 years, 47 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>jess.mokrzecki@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            8 years, 47 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>osvdb</customfieldvalue>
            <customfieldvalue>chris.sandulow@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrqg07:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hs7hlr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrzkif:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>