Vulnerability in MongoDb version 3.4 up to 3.4.9

Bug #1750824 reported by Nils Weiher
Affects: mongodb (Ubuntu) | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned | Milestone: none

Bug Description

Hello,

please see the following vulnerability:

https://www.cvedetails.com/cve/CVE-2017-15535/

And the corresponding ticket confirming the vulnerability and the fix:
https://jira.mongodb.org/browse/SERVER-31273

The upcoming Ubuntu 18.04 release will include only MongoDb Version 3.4.7

Is it possible to upgrade the package for bionic to the current latest version 3.6.3.

This version also includes the bind to localhost by default, as is the case for the packages in the official Ubuntu repositories.

https://docs.mongodb.com/manual/release-notes/3.6-compatibility/

Please consider this upgrade, as it contains many more bugfixes.

CVE References: CVE-2017-15535

description: updated
Revision history for this message
Robie Basak (racb) wrote :

> Is it possible to upgrade the package for bionic to the current latest version 3.6.3.

In theory yes, but this requires volunteers and we currently have none and we're well after feature freeze now.

Unfortunately in my testing 3.4.14 fails to build with the current packaging so bumping to 3.4.14 isn't quite so straightforward either, and also needs volunteers to provide a patch. Alternatively I'd be happy to upload a patch that fixes just this particular problem, but again we need someone to prepare and test that.

information type: Public → Public Security
Robie Basak (racb)
Changed in mongodb (Ubuntu):
status: New → Triaged
Nils Weiher (nils.weiher) wrote :

Hello Robie Basak,

I tried to squeeze this in before the feature freeze, but it was only several days.

> In theory yes, but this requires volunteers and we currently have none and we're well after feature freeze now.

Is there any chance that the mongodb package for bionic will be updated to a 3.6 version after release?

I would like to volunteer to do this, because in my work setting we try to rely on the packages from official Ubuntu repositories.

The problem is I don't have the necessary experience with packaging for Ubuntu, but if you can point me to some resources on how I would approach this, that would be very nice. Maybe in the future I would be able to help.

Greetings from Heidelberg, Germany.

Nils Weiher

Gianfranco Costamagna (costamagnagianfranco) wrote :

I uploaded 3.4.14 in bionic, and 3.6 will follow in the next few days (before the release).

Changed in mongodb (Ubuntu):
status: Triaged → Fix Released
Gianfranco Costamagna (costamagnagianfranco) wrote :

(I honestly don't care about fixing this CVE for artful, that will go EOL in 3 months).

Gianfranco Costamagna (costamagnagianfranco) wrote :

Of course, if somebody points out a patch, I'll be happy to do some paperwork and ask the security team to upload it (if the patch is just a few lines and is not "update to the latest version in artful too") :)

Nils Weiher (nils.weiher) wrote :

Thanks a lot costamagnagianfranco!
