I would like to update MongoDB in stable to fix two low-impact security
- CVE-2016-6494 is fixed by backporting the patch already applied to
2.6 (once in sid).
- TEMP-0833087-C5410D is fixed by reimplementing upstream's fix for
2.6 using the infrastructure available in MongoDB 2.4.
Unfortunately the mutable BSON infrastructure used in 2.6 is
incomplete and unusable in 2.4. I benchmarked my own version and
found no measurable performance impact.