PublicDateAtUSN: 2013-06-03
Candidate: CVE-2013-2132
PublicDate: 2013-08-15 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2132
 https://ubuntu.com/security/notices/USN-1897-1
Description:
 bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2,
 as used in MongoDB, allows context-dependent attackers to cause a denial of
 service (NULL pointer dereference and crash) via vectors related to
 decoding of an "invalid DBRef."
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710597
 https://jira.mongodb.org/browse/PYTHON-532
Priority: medium
Discovered-by: Jibbers McGee
Assigned-to: mdeslaur
CVSS: 

Patches_pymongo:
 upstream: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
upstream_pymongo: released (2.5.2-1)
lucid_pymongo: DNE
precise_pymongo: released (2.1-1ubuntu0.1)
quantal_pymongo: released (2.2-2ubuntu0.1)
raring_pymongo: released (2.2-4ubuntu0.1)
devel_pymongo: not-affected (2.5.2-1)