diff -Nru mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/changelog mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/changelog
--- mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/changelog 2021-08-23 07:31:06.000000000 +0000
+++ mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/changelog 2021-08-26 14:36:35.000000000 +0000
@@ -1,3 +1,15 @@
+mongodb (1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3) focal-security; urgency=medium
+
+ [Heather Lemon]
+ * SECURITY UPDATE: message decompressor to incorrectly allocate memory (LP: #1933520)
+ - d/p/CVE-2019-20925-SERVER-43751-Recompute-compressor-manager-message-pa.patch:
+ An unauthenticated client can trigger denial of service by
+ issuing specially crafted wire protocol messages,
+ which cause the message decompressor to incorrectly allocate memory
+ - CVE-2019-20925
+
+ -- Heather Lemon Thu, 26 Aug 2021 14:36:35 +0000
+
 mongodb (1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.2) focal-security; urgency=medium
 [Heather Lemon]
diff -Nru mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/patches/CVE-2019-20925-SERVER-43751-Recompute-compressor-manager-message-pa.patch mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/patches/CVE-2019-20925-SERVER-43751-Recompute-compressor-manager-message-pa.patch
--- mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/patches/CVE-2019-20925-SERVER-43751-Recompute-compressor-manager-message-pa.patch 1970-01-01 00:00:00.000000000 +0000
+++ mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/patches/CVE-2019-20925-SERVER-43751-Recompute-compressor-manager-message-pa.patch 2021-08-26 14:36:35.000000000 +0000
@@ -0,0 +1,59 @@
+From c1a956e084d39e6da75cd347e63d0064ed9151a8 Mon Sep 17 00:00:00 2001
+From: Adam Cooper
+Date: Tue, 8 Oct 2019 20:58:43 +0000
+Subject: CVE-2019-20925-SERVER-43751 Recompute compressor manager message parameters
+Origin: upstream, MessageCompressorMan
+
+ LOG(3) << "Decompressing message with " << compressor->getName();
+
++ if (compressionHeader.uncompressedSize < 0) {
++ return {ErrorCodes::BadValue, "Decompressed message would be negative in size"};
++ }
++
+ size_t bufferSize = compressionHeader.uncompressedSize + MsgData::MsgDataHeaderSize;
+ if (bufferSize > MaxMessageSizeBytes) {
+ return {ErrorCodes::BadValue,
+Index: mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/src/mongo/transport/message_compressor_manager_test.cpp
+===================================================================
+--- mongodb-3.6.9+really3.6.8+90~g8e540c0b6d.orig/src/mongo/transport/message_compressor_manager_test.cpp
++++ mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/src/mongo/transport/message_compressor_manager_test.cpp
+@@ -315,6 +315,26 @@ TEST(MessageCompressorManager, MessageSi
+ ASSERT_NOT_OK(status);
+ }
+
++TEST(MessageCompressorManager, MessageSizeTooSmall) {
++ auto registry = buildRegistry();
++ MessageCompressorManager compManager(®istry);
++
++ auto badMessageBuffer = SharedBuffer::allocate(128);
++ MsgData::View badMessage(badMessageBuffer.get());
++ badMessage.setId(1);
++ badMessage.setResponseToMsgId(0);
++ badMessage.setOperation(dbCompressed);
++ badMessage.setLen(128);
++
++ DataRangeCursor cursor(badMessage.data(), badMessage.data() + badMessage.dataLen());
++ cursor.writeAndAdvance>(dbQuery);
++ cursor.writeAndAdvance>(-1);
++ cursor.writeAndAdvance>(registry.getCompressor("noop")->getId());
++
++ auto status = compManager.decompressMessage(Message(badMessageBuffer)).getStatus();
++ ASSERT_NOT_OK(status);
++}
++
+ TEST(MessageCompressorManager, RuntMessage) {
+ auto registry = buildRegistry();
+ MessageCompressorManager compManager(®istry);
diff -Nru
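Review bot: The `bufferSize` computation directly after the new negative-size guard still adds `compressionHeader.uncompressedSize` and `MsgData::MsgDataHeaderSize` before the result is widened to `size_t`; if both operands are 32-bit signed integers (their declarations are not visible in this hunk), a wire-supplied size close to INT32_MAX overflows the addition, which is undefined behaviour, and the outcome of the `MaxMessageSizeBytes` check then depends on how the compiler treated it. Widening first removes that dependency, and is safe because the guard has already excluded negative values: `size_t bufferSize = static_cast<size_t>(compressionHeader.uncompressedSize) + MsgData::MsgDataHeaderSize;`. The added `MessageSizeTooSmall` test covers only -1 and asserts `ASSERT_NOT_OK` without checking which rejection fired, so a companion case using the largest positive size would pin the upper boundary as well. The decompress function's body starts and ends outside the hunk, and part of the embedded patch header is missing from this page, so the rest of the upstream change could not be checked here.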
mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/patches/series mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/patches/series
--- mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/patches/series 2021-08-23 07:30:27.000000000 +0000
+++ mongodb-3.6.9+really3.6.8+90~g8e540c0b6d/debian/patches/series 2021-08-26 14:34:36.000000000 +0000
@@ -10,3 +10,4 @@
 add-3.6.8+90~g8e540c0b6d-version.json.patch
 missing-include.patch
 CVE-2019-2386-SERVER-38984-Validate-unique-User-ID-on-UserCache-hi.patch
+CVE-2019-20925-SERVER-43751-Recompute-compressor-manager-message-pa.patch