-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 18 Apr 2025 16:28:00 -0400 Source: mongo-c-driver Binary: libbson-doc libmongoc-doc Architecture: all Version: 1.23.1-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Roberto C. Sanchez Description: libbson-doc - Library to parse and generate BSON documents - documentation libmongoc-doc - MongoDB C client library - documentation Changes: mongo-c-driver (1.23.1-1+deb12u1) bookworm; urgency=medium . * Fix CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. * Fix CVE-2024-6381: The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. * Fix CVE-2024-6383: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. * Fix CVE-2025-0755: The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. Checksums-Sha1: d835f4afb4dd8b5d6b11afb932bc5baa9864fc2a 442804 libbson-doc_1.23.1-1+deb12u1_all.deb 446c39b5f1537b8577289b7f3736e663b9c3e485 1241240 libmongoc-doc_1.23.1-1+deb12u1_all.deb a748e29a6a62b3bfdc3a72c7c990fc3c9db57884 8868 mongo-c-driver_1.23.1-1+deb12u1_all-buildd.buildinfo Checksums-Sha256: 098b90bfa9f5ba80bc197fb90d4a332fd24c55b432bf4d29489764e6b5dc5336 442804 libbson-doc_1.23.1-1+deb12u1_all.deb dd21783b61fc0ebcbd6ad851f9a765cdf727e9b21edc52e2f951a50b9b813e39 1241240 libmongoc-doc_1.23.1-1+deb12u1_all.deb df83cce77597ddda0248ebcc495dcac388bd13ca8e1a1189268278bc13a2cf15 8868 mongo-c-driver_1.23.1-1+deb12u1_all-buildd.buildinfo Files: 5f5db1201783505f5f7ff799aff182b7 442804 doc optional libbson-doc_1.23.1-1+deb12u1_all.deb f1eceb8074aae9eb22191d38f244aadd 1241240 doc optional libmongoc-doc_1.23.1-1+deb12u1_all.deb 5fd762ae777132e4b7d683aa604b9c01 8868 libs optional mongo-c-driver_1.23.1-1+deb12u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEHqtYLkdKRyCY94K8fUw6/tXbAmMFAmgNLbUACgkQfUw6/tXb AmOvNQ//XAsQ7atm8EpBQPAw0MkxdmCidxUAKG9UwVdPMDFozmknB3xu1RmJ3kEr FJGOcUd3foJJFJGnnhDvQkAMlM0YMtpLOU2xBcpIiMW6utFO7xOGKvNhIprp1m92 U3YDhcpGiuz73pYqhWyh4gEqguxXKRXYSP6fXHQs4d46ApTKIU3BFdI3w93L+5bv 2r0WBooUQTjlSHhcjAi25Kg1VsxAscYgmG39xwA6IdYi1VAhJae7V48vDJN75/Vo JRtekksPUKGqFvaRDx7s1z5wlYDvUCWWUnHXFAVKUphhv3vRYonRNFjNfpDJX4In VVX66ziOfH1Hmer+L9sZCBiWhXFtGkOVwf7zcGLt1zxCmNmqlPiAXU4QkKa0a3mk 95jhrcsp5gntvy6+/4cILA8D/w7j3rL4EjZV46INlsNyQJ7AQjZfiIPGBOH0jETD qUgqoKwTG1eIdlsA79uUkWzpWX9dBQBTFGWjkhC+Je3CCalUXCIPhI3z0djhtNnI kZ9Gq4YHXJRSRHC34WO6bB2+pRqmKRk06ApniV7CRIl9/NKyXROz0eX57NbU3nT4 QvINH3Hbs09zRbJlil3MvEmJ6jxymS5K9Gn4JEORTPwD/HZfQsYSB+ut6BSzoFdO Qk9eN9NDtNLwXEoxQIPd6AKFx8srR1HiJcXHDIW+3I4gcExrkcI= =fj5d -----END PGP SIGNATURE-----