-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Apr 2025 16:28:00 -0400
Source: mongo-c-driver
Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev
Architecture: arm64
Version: 1.23.1-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-01)
Changed-By: Roberto C. Sanchez
Description:
 libbson-1.0-0 - Library to parse and generate BSON documents - runtime files
 libbson-dev - Library to parse and generate BSON documents - dev files
 libmongoc-1.0-0 - MongoDB C client library - runtime files
 libmongoc-dev - MongoDB C client library - dev files
Changes:
 mongo-c-driver (1.23.1-1+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-0437: When calling bson_utf8_validate on some inputs a
     loop with an exit condition that cannot be reached may occur, i.e. an
     infinite loop.
   * Fix CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
     library may be susceptible to an integer overflow where the function
     will try to free memory at a negative offset. This may result in
     memory corruption.
   * Fix CVE-2024-6383: The bson_string_append function in MongoDB C Driver
     may be vulnerable to a buffer overflow where the function might
     attempt to allocate too small of buffer and may lead to memory
     corruption of neighbouring heap memory.
   * Fix CVE-2025-0755: The various bson_append functions in the MongoDB C
     driver library may be susceptible to buffer overflow when performing
     operations that could result in a final BSON document which exceeds
     the maximum allowable size (INT32_MAX), resulting in a segmentation
     fault and possible application crash.