Re: git: b587cd0d698a - main - security/vuxml: Add mongodb{78}0 vulnerability
Date: Wed, 24 Dec 2025 18:10:57 UTC
Thanks for adding this.
NB: the entry for mongodb80 is not correct. This port is only for 8.0.x. Not for 8.2.x.
Regards,
Ronald
Van: Fernando Apeste=?utf-8?Q?gu=C3=ADa?= <fernape@FreeBSD.org>
Datum: 22 december 2025 10:22
Aan: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Onderwerp: git: b587cd0d698a - main - security/vuxml: Add mongodb{78}0 vulnerability
>
>
> The branch main has been updated by fernape:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=b587cd0d698afe1c33ea0bddb42c8e505ef4ceb6
>
> commit b587cd0d698afe1c33ea0bddb42c8e505ef4ceb6
> Author: Fernando Apesteguía
> AuthorDate: 2025-12-22 09:21:17 +0000
> Commit: Fernando Apesteguía
> CommitDate: 2025-12-22 09:21:17 +0000
>
> security/vuxml: Add mongodb{78}0 vulnerability
>
> * CVE-2025-14847
> ---
> security/vuxml/vuln/2025.xml | 32 ++++++++++++++++++++++++++++++++
> 1 file changed, 32 insertions(+)
>
> diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
> index 3fa157e87559..ed5ff59c6426 100644
> --- a/security/vuxml/vuln/2025.xml
> +++ b/security/vuxml/vuln/2025.xml
> @@ -1,3 +1,35 @@
> +
> + MongoDB -- Improper Handling of Length Parameter Inconsistency
> +
> +
> + mongodb80
> + 8.2.3
> +
> +
> + mongodb70
> + 7.0.28
> +
> +
> +
> + http://www.w3.org/1999/xhtml">
> +
> https://jira.mongodb.org/browse/SERVER-115508 reports:
>
> + >> https://jira.mongodb.org/browse/SERVER-115508">
>> +
>> Mismatched length fields in Zlib compressed protocol
>> + headers may allow a read of uninitialized heap memory by an
>> + unauthenticated client.
>>
>> + >
> +
> +
> +
> + CVE-2025-14847
> + https://cveawg.mitre.org/api/cve/CVE-2025-14847>
> +
> +
> + 2025-12-19
> + 2025-12-22
> +
> +
> +
>
> traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider
>
>
>
>
>
>
>