[meta-oe,scarthgap,04/15] mongodb: ignore CVE-2025-14911

Message ID	20260207103359.4177243-4-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.52, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 04/15] mongodb: ignore CVE-2025-14911 Date: Sat, 7 Feb 2026 11:33:46 +0100 Message-ID: <20260207103359.4177243-4-skandigraun@gmail.com> In-Reply-To: <20260207103359.4177243-1-skandigraun@gmail.com> References: <20260207103359.4177243-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,scarthgap,01/15] imagemagick: patch CVE-2025-66628 \| expand [meta-oe,scarthgap,01/15] imagemagick: patch CVE-2025-66628 [meta-oe,scarthgap,02/15] libcupsfilters: patch CVE-2025-64503 [meta-oe,scarthgap,03/15] mongodb: upgrade 4.4.29 -> 4.4.30 [meta-oe,scarthgap,04/15] mongodb: ignore CVE-2025-14911 [meta-webserver,scarthgap,05/15] netdata: ignore CVE-2024-32019 [meta-oe,scarthgap,06/15] nodejs: upgrade 20.18.2 -> 20.20.0 [meta-networking,scarthgap,07/15] proftpd: ignore CVE-2021-47865 [meta-python,scarthgap,08/15] python3-aiohttp: patch CVE-2025-69225 [meta-python,scarthgap,09/15] python3-aiohttp: patch CVE-2025-69226 [meta-python,scarthgap,10/15] python3-aiohttp: patch CVE-2025-69228 [meta-python,scarthgap,11/15] python3-django: patch CVE-2025-64460 [meta-python,scarthgap,12/15] raptor2: patch CVE-2024-57822 and CVE-2024-57823 [meta-python,scarthgap,13/15] python3-eventlet: switch to PEP-517 build backend [meta-python,scarthgap,14/15] python3-tornado: mark CVE-2025-67725 patched [meta-python,scarthgap,15/15] python3-virtualenv: patch CVE-2026-22702

Message ID

20260207103359.4177243-4-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][scarthgap][PATCH 04/15] mongodb: ignore CVE-2025-14911
Date: Sat,  7 Feb 2026 11:33:46 +0100
Message-ID: <20260207103359.4177243-4-skandigraun@gmail.com>
In-Reply-To: <20260207103359.4177243-1-skandigraun@gmail.com>
References: <20260207103359.4177243-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,scarthgap,01/15] imagemagick: patch CVE-2025-66628 | expand

Commit Message

Gyorgy Sarvari Feb. 7, 2026, 10:33 a.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14911

The CVE is currently tracked without valid CPE. The vulnerability
affects mongo-c-driver component, not mongodb. They are also stored
in different repositories.

Due to this, ignore this CVE.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../meta-python/recipes-dbs/mongodb/mongodb_git.bb               | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
index 48bae85179..baa159adf8 100644
--- a/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
+++ b/meta-oe/dynamic-layers/meta-python/recipes-dbs/mongodb/mongodb_git.bb
@@ -52,6 +52,7 @@  S = "${WORKDIR}/git"
 
 CVE_STATUS[CVE-2014-8180] = "not-applicable-config: Not affecting our configuration so it can be safely ignored."
 CVE_STATUS[CVE-2017-2665] = "not-applicable-config: Not affecting our configuration so it can be safely ignored."
+CVE_STATUS[CVE-2025-14911] = "cpe-incorrect: The vulnerability is about mongo-c-driver application, not mongodb"
 
 COMPATIBLE_HOST ?= '(x86_64|i.86|powerpc64|arm|aarch64).*-linux'

[meta-oe,scarthgap,04/15] mongodb: ignore CVE-2025-14911

Commit Message

Patch