-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Apr 2025 16:28:00 -0400
Source: mongo-c-driver
Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev
Architecture: amd64
Version: 1.23.1-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Roberto C. Sanchez <roberto@connexer.com>
Description:
 libbson-1.0-0 - Library to parse and generate BSON documents - runtime files
 libbson-dev - Library to parse and generate BSON documents - dev files
 libmongoc-1.0-0 - MongoDB C client library - runtime files
 libmongoc-dev - MongoDB C client library - dev files
Changes:
 mongo-c-driver (1.23.1-1+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
     with an exit condition that cannot be reached may occur, i.e. an infinite
     loop.
   * Fix CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
     library may be susceptible to an integer overflow where the function will
     try to free memory at a negative offset. This may result in memory
     corruption.
   * Fix CVE-2024-6383: The bson_string_append function in MongoDB C Driver may
     be vulnerable to a buffer overflow where the function might attempt to
     allocate too small of buffer and may lead to memory corruption of
     neighbouring heap memory.
   * Fix CVE-2025-0755: The various bson_append functions in the MongoDB C
     driver library may be susceptible to buffer overflow when performing
     operations that could result in a final BSON document which exceeds the
     maximum allowable size (INT32_MAX), resulting in a segmentation fault and
     possible application crash.
Checksums-Sha1:
 cb8a8ec9bd4a037d369a8b71c746428b4a246040 223044 libbson-1.0-0-dbgsym_1.23.1-1+deb12u1_amd64.deb
 baaa8f4e20100b0b21cc24c70538209923a01352 76612 libbson-1.0-0_1.23.1-1+deb12u1_amd64.deb
 509d4bcca2df4a6236694b47b1d039128648b856 130040 libbson-dev_1.23.1-1+deb12u1_amd64.deb
 d0d8f970d69ab8a486236b7ea2f2a3393874f56c 1232392 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u1_amd64.deb
 5adbfa0e83211f07a8a0b4a07b510e3411a015eb 305176 libmongoc-1.0-0_1.23.1-1+deb12u1_amd64.deb
 6999d3420cbe47f9627c49b1eec1e77b0e21ed4c 365540 libmongoc-dev_1.23.1-1+deb12u1_amd64.deb
 94d8233a38d92389204442da0114be32836c4d7a 10151 mongo-c-driver_1.23.1-1+deb12u1_amd64-buildd.buildinfo
Checksums-Sha256:
 f873ca0defd985108fef218ba667c97ef75530e8f0f5c8b7f7826cfc213a46f3 223044 libbson-1.0-0-dbgsym_1.23.1-1+deb12u1_amd64.deb
 1eb05beac8ce5284b2ef176c710279a85f353ee559d20bbfee973db8af1e4155 76612 libbson-1.0-0_1.23.1-1+deb12u1_amd64.deb
 f27ff9d6f07cfc384db37d572aa3381f34cfbb07a79dcc777f53c0fbc4ab5a50 130040 libbson-dev_1.23.1-1+deb12u1_amd64.deb
 508484f72ffad8ac4f1448635c857b2e2050afc25943fbceb202eb43a4116d76 1232392 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u1_amd64.deb
 fc20435711946b558516ac37545210808a551ab6f0d3f3cbd188967d610ac160 305176 libmongoc-1.0-0_1.23.1-1+deb12u1_amd64.deb
 de3c8f9a46d3d01f1785c5652e4b7c25dc73e984380b489fd4a9e4964d42ca57 365540 libmongoc-dev_1.23.1-1+deb12u1_amd64.deb
 1388df5feddfce1220bca210815ada7f4e9db27e051378482092758bc24437f5 10151 mongo-c-driver_1.23.1-1+deb12u1_amd64-buildd.buildinfo
Files:
 44cebc9df065e5616a9555c61bc2314f 223044 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u1_amd64.deb
 e5a5446da63900b2e3dfe0aaddb8440a 76612 libs optional libbson-1.0-0_1.23.1-1+deb12u1_amd64.deb
 280c4506ca71c13a65aa0de8be0f057f 130040 libdevel optional libbson-dev_1.23.1-1+deb12u1_amd64.deb
 55445d57b6fa0d231b8791e3c7be7113 1232392 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u1_amd64.deb
 d7d284828ffead3995ca1d7a21d8c5a2 305176 libs optional libmongoc-1.0-0_1.23.1-1+deb12u1_amd64.deb
 1e6e27fd140714f080639947c7fd4412 365540 libdevel optional libmongoc-dev_1.23.1-1+deb12u1_amd64.deb
 81f4760d14eb0dd2cd5e982ded79ce57 10151 libs optional mongo-c-driver_1.23.1-1+deb12u1_amd64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXNeYFUF3FbHcrtSeIy3Pg040HrAFAmgNLYcACgkQIy3Pg040
HrC/yw//WOHd9U2q9uxY3JFrmmJ+jfRdwNfkFaRkBLKiIGY+HTNDGUb8wuVbTN9L
2bBjuykCCuTIUGMJfvMHXMtdoYbyN7OX9KjExwv3IHZsUD4tr9iTKUUOT2gLR00G
EZW3khx0KN4lp2V44tTpJ42gRtBK6+YqxjkNS5zZHyEKxepU91i/C8MKHdIOFLSO
Na7iedqux2m7XATVRk0aQemnCR4Rw6caWfah4jcVzmgfDMWMgffriQGbkDa4YqU+
pOXqONcFRMYwaUUP4l3u2h4m1vykIF20E8TPlaxuYDY79cW2PGrD6aWVjIeNEO97
XiEPRKfpQi4mwTbO44tgU0aJSuW0Q/3zVk7dazqbJfvdrHyIHjMGZHIMJIZY+Siw
BfS49eSUWzTzIluhUgfaa6w9koKH17gCGB9SGIAaqQ0RWE0AZzpIcy5MwpLjOegb
dySVb3cQYoNnsIHokJPlK3/te/zrOU/nnFr3tkOXCTDM9yrxwaZy41IeLZSdQmHy
Du7+8dd+rMkL8XZmWsQMFB9BmeIjgv70baF2gStcgtEGv30+66BNNVJD47+JAyF0
cGXk2TPJ9uNrxCXCGxs5XK5uN61tVguU6crZvvQX5pDcUQhpWJliD2bAUJqMYWUE
3owDAWcek8WHmHstTWQr3mIIN8MWhPTwFY5moX6KyOGWONeQIIA=
=77M1
-----END PGP SIGNATURE-----