php-mongodb - Debian Package Tracker

general

source: php-mongodb (main)
version: 2.1.0-1
maintainer: Debian PHP PECL Maintainers (DMD)
uploaders: Ondřej Surý [DMD]
arch: all any
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.9.0+1.7.5-2
oldstable: 1.15.0+1.11.1+1.9.2+1.7.5-1
stable: 2.0.0-1
testing: 2.1.0-1
unstable: 2.1.0-1

versioned links

1.9.0+1.7.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.15.0+1.11.1+1.9.2+1.7.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.1.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

php-mongodb
php-mongodb-all-dev
php8.4-mongodb

action needed

A new upstream version is available: 2.3.2 high

A new upstream version 2.3.2 is available, you should consider packaging it.

Created: 2025-06-26 Last update: 2026-05-21 18:01

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-6811: Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

Created: 2026-05-15 Last update: 2026-05-18 18:31

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-6811: Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

Created: 2026-05-15 Last update: 2026-05-18 18:31

2 security issues in bullseye high

There are 2 open security issues in bullseye.

1 important issue:

CVE-2026-6811: Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

1 issue postponed or untriaged:

CVE-2021-32050: (needs triaging) Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).

Created: 2026-05-15 Last update: 2026-05-18 18:31

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 2.1.4-4, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 6dbd509bb5894f9f6e1c38bd189d776a6cf6b501
Author: Ondřej Surý <ondrej@sury.org>
Date:   Mon Nov 24 07:16:44 2025 +0100

    Update changelog for 2.1.4-4 release

commit b2f99014cac9b49eea321c6fd93f17aceaeee643
Author: Ondřej Surý <ondrej@sury.org>
Date:   Mon Nov 24 07:16:36 2025 +0100

    Regenerate d/control
    
    Gbp-Dch: ignore

commit 00d198dc3252261b909b76907eecde84312e2f85
Author: Ondřej Surý <ondrej@sury.org>
Date:   Mon Nov 24 07:16:18 2025 +0100

    Update Build-Depends to dh-php >= 5.15 to enable -fpermissive only with gcc >= 14

commit 38b386e21774277e713aa36e587e36e387ba8bef
Author: Ondřej Surý <ondrej@sury.org>
Date:   Mon Nov 24 06:58:49 2025 +0100

    Revert "Add -Wno-error to CFLAGS"
    
    This reverts commit 851489bf486d2dcd9cfad81bebe82c31855c569c.

commit 5c1553d1afb39f2efbf7673978f7c131e398bb1e
Author: Ondřej Surý <ondrej@sury.org>
Date:   Mon Nov 24 06:58:37 2025 +0100

    Revert "Fix prototype matching in case -fpermissive was given"
    
    This reverts commit c0d5dc5fa107d7265b272a0abad7327afc3a4e60.

commit 90bcf3ac6e0f2a171a697501e9712de088a8dd2f
Author: Ondřej Surý <ondrej@sury.org>
Date:   Mon Nov 24 06:33:00 2025 +0100

    Update changelog for 2.1.4-3 release

commit c0d5dc5fa107d7265b272a0abad7327afc3a4e60
Author: Ondřej Surý <ondrej@sury.org>
Date:   Mon Nov 24 06:32:55 2025 +0100

    Fix prototype matching in case -fpermissive was given

commit 363a6af821d4e17f8c34674e3b05f781f031d9c8
Author: Ondřej Surý <ondrej@sury.org>
Date:   Sun Nov 23 14:08:27 2025 +0100

    Update changelog for 2.1.4-2 release

commit 2393bdae2bb98915986a190e5db5060d114531ac
Author: Ondřej Surý <ondrej@sury.org>
Date:   Sun Nov 23 14:06:11 2025 +0100

    Regenerate d/control
    
    Gbp-Dch: ignore

commit 742170fc1e74e25640678caa494b7216b27ec409
Author: Ondřej Surý <ondrej@sury.org>
Date:   Sun Nov 23 14:02:17 2025 +0100

    Build-Depend on php-all-dev (>= 2:97~) for PHP 8.5

commit f47097e51b0b4a006d2b5eda4c4da4702a3c7c6b
Author: Ondřej Surý <ondrej@sury.org>
Date:   Sun Nov 23 11:33:43 2025 +0100

    Update changelog for 2.1.4-1 release

commit a5e2313d3be6ea513d3bfbaa3997b696686fec90
Merge: 851489b 3a38a2b
Author: Ondřej Surý <ondrej@sury.org>
Date:   Sun Nov 23 11:33:31 2025 +0100

    Update upstream source from tag 'upstream/2.1.4'
    
    Update to upstream version '2.1.4'
    with Debian dir b4bbe99a6f3bf238f755aa4cb71bfb23d3d29dc6

commit 3a38a2b9f1d6228f17e3bc98cbd3624600ae820e
Author: Ondřej Surý <ondrej@sury.org>
Date:   Sun Nov 23 11:33:24 2025 +0100

    New upstream version 2.1.4

commit 851489bf486d2dcd9cfad81bebe82c31855c569c
Author: Ondřej Surý <ondrej@sury.org>
Date:   Sun Nov 23 11:32:44 2025 +0100

    Add -Wno-error to CFLAGS
    
    Gbp-Dch: ignore

Created: 2025-08-03 Last update: 2026-05-20 03:00

1 open merge request in Salsa normal

There is 1 open merge request for this package on Salsa. You should consider reviewing and/or merging these merge requests.

Created: 2025-11-24 Last update: 2025-11-24 06:01

lintian reports 15 warnings normal

Lintian reports 15 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-06-11 Last update: 2025-09-10 15:03

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-6811: (needs triaging) Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-15 Last update: 2026-05-18 18:31

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

CVE-2026-6811: (needs triaging) Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server.

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-05-15 Last update: 2026-05-18 18:31

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.5.1).

Created: 2018-02-02 Last update: 2026-03-31 15:01

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2025-08-13] php-mongodb 2.1.0-1 MIGRATED to testing (Debian testing watch)
[2025-06-10] Accepted php-mongodb 2.1.0-1 (source) into unstable (Ondřej Surý)
[2025-04-29] php-mongodb 2.0.0-1 MIGRATED to testing (Debian testing watch)
[2025-04-19] Accepted php-mongodb 2.0.0-1 (source) into unstable (Ondřej Surý)
[2025-03-16] php-mongodb 1.21.0-1 MIGRATED to testing (Debian testing watch)
[2025-03-11] Accepted php-mongodb 1.21.0-1 (source) into unstable (Ondřej Surý)
[2025-01-10] php-mongodb 1.20.1-1 MIGRATED to testing (Debian testing watch)
[2024-12-03] Accepted php-mongodb 1.20.1-1 (source) into unstable (Ondřej Surý)
[2024-12-02] Accepted php-mongodb 1.20.0-1 (source) into unstable (Ondřej Surý)
[2024-09-27] Accepted php-mongodb 1.19.4-3~exp4 (source) into experimental (Ondřej Surý)
[2024-09-24] Accepted php-mongodb 1.19.4-3~exp3 (source all amd64) into experimental (Ondřej Surý)
[2024-09-24] Accepted php-mongodb 1.19.4-3~exp2 (source all amd64) into experimental (Debian FTP Masters) (signed by: Ondřej Surý)
[2024-09-21] Accepted php-mongodb 1.19.4-2 (source) into experimental (Ondřej Surý)
[2024-07-10] php-mongodb 1.19.3-1 MIGRATED to testing (Debian testing watch)
[2024-07-04] Accepted php-mongodb 1.19.3-1 (source) into unstable (Ondřej Surý)
[2024-05-03] php-mongodb 1.15.0+1.11.1+1.9.2+1.7.5-1 MIGRATED to testing (Debian testing watch)
[2023-07-18] php-mongodb REMOVED from testing (Debian testing watch)
[2023-01-13] php-mongodb 1.15.0+1.11.1+1.9.2+1.7.5-1 MIGRATED to testing (Debian testing watch)
[2023-01-06] Accepted php-mongodb 1.15.0+1.11.1+1.9.2+1.7.5-1 (source) into unstable (Ondřej Surý)
[2022-01-09] php-mongodb 1.12.0+1.9.2+1.7.5-4 MIGRATED to testing (Debian testing watch)
[2022-01-03] Accepted php-mongodb 1.12.0+1.9.2+1.7.5-4 (source) into unstable (Ondřej Surý)
[2022-01-02] Accepted php-mongodb 1.12.0+1.9.2+1.7.5-3 (source all amd64) into unstable, unstable (Debian FTP Masters) (signed by: Ondřej Surý)
[2022-01-02] Accepted php-mongodb 1.12.0+1.9.2+1.7.5-2 (source all amd64) into unstable, unstable (Debian FTP Masters) (signed by: Ondřej Surý)
[2021-11-26] Accepted php-mongodb 1.11.1+1.9.2+1.7.5-4 (source all amd64) into unstable, unstable (Debian FTP Masters) (signed by: Ondřej Surý)
[2021-02-25] php-mongodb 1.9.0+1.7.5-2 MIGRATED to testing (Debian testing watch)
[2021-02-14] Accepted php-mongodb 1.9.0+1.7.5-2 (source) into unstable (Ondřej Surý)
[2020-03-26] php-mongodb 1.7.4-1 MIGRATED to testing (Debian testing watch)
[2020-03-21] Accepted php-mongodb 1.7.4-1 (source) into unstable (Ondřej Surý)
[2020-03-07] php-mongodb 1.7.3-1 MIGRATED to testing (Debian testing watch)
[2020-03-02] Accepted php-mongodb 1.7.3-1 (source) into unstable (Ondřej Surý)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 15)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1.7-0ubuntu1
1 bug
patches for 2.1.7-0ubuntu1