Format: 1.8
Date: Fri, 18 Apr 2025 16:28:00 -0400
Source: mongo-c-driver
Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev
Architecture: armel
Version: 1.23.1-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-03)
Changed-By: Roberto C. Sanchez
Description:
 libbson-1.0-0 - Library to parse and generate BSON documents - runtime files
 libbson-dev - Library to parse and generate BSON documents - dev files
 libmongoc-1.0-0 - MongoDB C client library - runtime files
 libmongoc-dev - MongoDB C client library - dev files
Changes:
 mongo-c-driver (1.23.1-1+deb12u1) bookworm; urgency=medium
 .
   * Fix CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
     with an exit condition that cannot be reached may occur, i.e. an infinite
     loop.
   * Fix CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
     library may be susceptible to an integer overflow where the function will
     try to free memory at a negative offset. This may result in memory
     corruption.
   * Fix CVE-2024-6383: The bson_string_append function in MongoDB C Driver
     may be vulnerable to a buffer overflow where the function might attempt
     to allocate too small of buffer and may lead to memory corruption of
     neighbouring heap memory.
   * Fix CVE-2025-0755: The various bson_append functions in the MongoDB C
     driver library may be susceptible to buffer overflow when performing
     operations that could result in a final BSON document which exceeds the
     maximum allowable size (INT32_MAX), resulting in a segmentation fault and
     possible application crash.