Re: git: b587cd0d698a - main - security/vuxml: Add mongodb{78}0 vulnerability

From: Fernando_Apesteguía <fernape_at_freebsd.org>
Date: Wed, 24 Dec 2025 18:25:38 UTC
On Wed, Dec 24, 2025 at 7:11 PM Ronald Klop <ronald-lists@klop.ws> wrote:

> Thanks for adding this.
> NB: the entry for mongodb80 is not correct. This port is only for 8.0.x.
> Not for 8.2.x.
>

Thanks for the heads up. Should be fine now.

Cheers!


>
> Regards,
> Ronald
>
> *From:* Fernando Apesteguía <fernape@FreeBSD.org>
> *Date:* 22 December 2025 10:22
> *To:* ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
> dev-commits-ports-main@FreeBSD.org
> *Subject:* git: b587cd0d698a - main - security/vuxml: Add mongodb{78}0
> vulnerability
>
> The branch main has been updated by fernape:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=b587cd0d698afe1c33ea0bddb42c8e505ef4ceb6
>
> commit b587cd0d698afe1c33ea0bddb42c8e505ef4ceb6
> Author:     Fernando Apesteguía
> AuthorDate: 2025-12-22 09:21:17 +0000
> Commit:     Fernando Apesteguía
> CommitDate: 2025-12-22 09:21:17 +0000
>
>     security/vuxml: Add mongodb{78}0 vulnerability
>
>      * CVE-2025-14847
> ---
>  security/vuxml/vuln/2025.xml | 32 ++++++++++++++++++++++++++++++++
>  1 file changed, 32 insertions(+)
>
> diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
> index 3fa157e87559..ed5ff59c6426 100644
> --- a/security/vuxml/vuln/2025.xml
> +++ b/security/vuxml/vuln/2025.xml
> @@ -1,3 +1,35 @@
> +
> +    MongoDB -- Improper Handling of Length Parameter Inconsistency
> +
> +
> +   mongodb80
> +   8.2.3
> +
> +
> +   mongodb70
> +   7.0.28
> +
> +
> +
> +   http://www.w3.org/1999/xhtml">
> +
>
> https://jira.mongodb.org/browse/SERVER-115508 reports:
>
> +
>
> https://jira.mongodb.org/browse/SERVER-115508">
> +
>
> Mismatched length fields in Zlib compressed protocol
> +   headers may allow a read of uninitialized heap memory by an
> +   unauthenticated client.
>
> +
>
>
> +
> +
> +
> +      CVE-2025-14847
> +      https://cveawg.mitre.org/api/cve/CVE-2025-14847>
> +     <https://cveawg.mitre.org/api/cve/CVE-2025-14847%3C/url>
> +
> +      2025-12-19
> +      2025-12-22
> +
> +   <https://cveawg.mitre.org/api/cve/CVE-2025-14847%3C/url>
> +
>
>      traefik -- Inverted TLS Verification Logic in Kubernetes NGINX
> Provider
>
>
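
Review bot: The bound 8.2.3 listed under mongodb80 does not match the branch the package name points to, whereas mongodb70 is paired with a 7.0.x bound (7.0.28). If the mongodb80 port only ships 8.0.x, every 8.0.x version sorts below 8.2.3, so the entry would keep reporting the package as vulnerable even after it is updated to a fixed 8.0.x release. Suggest replacing 8.2.3 with the first fixed 8.0.x version given in SERVER-115508.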