Hi Ondřej, On Sat, May 16, 2026 at 09:25:14AM +0100, Ondřej Surý wrote: > I feel this is one these “security” issues that don’t deserve > fixing: > > > in unusual circumstances when the source of these BSON documents > > is not MongoDB Server. > > This feels like Curriculum Vitae Enhancement and not real security > issue as this reads “are you parsing data from untrusted sources”?
Ack, so let's mark it no-dsa for older series and just fix it in unstable/forky once it enters with the new upstream version? Apparently the CVE itself was assigned by the MongoDB CNA itself, so they apparently did still consider it with security impact. Thanks a lot for this quick comment, much appreciated! Salvatore
