-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: armel Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: armel Build Daemon (arm-conova-02) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: caa40f4fa4a0b1b61885bfde879580d086bf8a48 222528 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_armel.deb 6521a790a0cc78a1a484f9017c28fb1e4ca8a824 71340 libbson-1.0-0_1.23.1-1+deb12u3_armel.deb 8ac5ff3a7c3a90142e309ab82d9a1a165434dd7e 124284 libbson-dev_1.23.1-1+deb12u3_armel.deb 1e5d32bfe21e5340fb7feb7a811a60247a7f0573 1203320 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_armel.deb c35dd3e5f4607e3eb412af8f5d0b0de724230faf 274320 libmongoc-1.0-0_1.23.1-1+deb12u3_armel.deb 4fed20dd27f49ee6f1eb116ea376b19a0d3fece4 346800 libmongoc-dev_1.23.1-1+deb12u3_armel.deb 55b549530792fcd502a8b43523aaca790adb840e 10210 mongo-c-driver_1.23.1-1+deb12u3_armel-buildd.buildinfo Checksums-Sha256: 165b74ca206c2a80ccd55381ca3ee32065e274df605974dc9759d1d8f4f80837 222528 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_armel.deb 49a9486fa7eb43e3210f0d022af977fbe8e83d0f579053ebe11543d91c099113 71340 libbson-1.0-0_1.23.1-1+deb12u3_armel.deb 43bcdc6d9fb5e9fc45fa2a7907c54feedaa4e1f44e3aa0769dba02072c49d2ea 124284 libbson-dev_1.23.1-1+deb12u3_armel.deb f74bc505ea59cd7bfd690a9be1485a68c335775b17a16fd3ee07cc222fbf93d7 1203320 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_armel.deb 90f9b35d8c838f9d0a5cddd78c7e673d113d2807c1da2e98f0bdfe668ae3b7d5 274320 libmongoc-1.0-0_1.23.1-1+deb12u3_armel.deb 5e0ee0e68bc90290c618e8081e80a03b6f5fe5c04723b5443f25f32a23a2877c 346800 libmongoc-dev_1.23.1-1+deb12u3_armel.deb 8b08ed91837a31113e9fa1d68cf1d1281ad723318cb39cb0d5a05ea77e11569e 10210 mongo-c-driver_1.23.1-1+deb12u3_armel-buildd.buildinfo Files: 0c7e9ed425fd17f1be949a1da0f108e2 222528 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_armel.deb 92dc3c9b73b6f991f166fe1bbc2e1326 71340 libs optional libbson-1.0-0_1.23.1-1+deb12u3_armel.deb 689eac15b5df0c060acc5108a63e8487 124284 libdevel optional libbson-dev_1.23.1-1+deb12u3_armel.deb 3e1a4f0dfa5177144e64c00799f0793f 1203320 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_armel.deb 40731483c0ad1a5c032366bffdc8f1b2 274320 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_armel.deb f95d58eebdb4c2c8b5e6466115384fd4 346800 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_armel.deb 381195a2604b1043f0ff9b615b80f0ba 10210 libs optional mongo-c-driver_1.23.1-1+deb12u3_armel-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEWHj9K9pO9l4btbD1OQKMdMnEH5MFAmn40+AACgkQOQKMdMnE H5Nvfw//UNyUAeXU7UC/N58D3KBcYNjaZa6cwdaa3JWyPcM3ogsLDRgAnWpHZXdh KGHl5piWVwfG8eCy09+o0GxkGYc7ahmnoLgFE9UVpc+3PxBGhFJEx+9p4V2VI41C ra+B4ropXldz+QInye9NlLj53PV93CSHM8xMJxbZcOQdhdqWVmhIZvcLCRNtJE7u Tdh68DIaVtAzJHKhKESI6UbpMKHZdytVJc5yujjDKPjLzi/JfnNj89IKcI8wUyKZ D5B+vJz91Ki5rfL1CNxnKqToVCJX+2Adyk2ieyBiAJ3FvOXUZakz6WuH3h0VqumH u//SVFP7Fewj+42PVsUDSNT8ggNFoCbvMsKCNXH91n/jJziL3+kgORChh/3W72i0 HJ9Buqcv6/fvsNHwxWnwGLXTjfcAAlaoY8x6rPii6KOvWLIySRRYeyAHdFClFmQY OLSr00n0vcl56ojPMW3cTkAKDtxmSr11OwR2OpHyxrSOTf7cGYyz5YjbbdCU/sdp SNu7N3J0dMRyKK/VXvDCHAd+1mXwMdznIDNRNlAmiZIN49Z3F7yo0nwYdEiPuczM CIzbLoch2pZXoZbgyRk9qfLYxe5U+xagA9OQ6bKqS/RfmG28O3r8mqOZlI48tL3T wbTo2hCtxzoucRsM32xKBy35+MZjF7IGpHDda8P6DzI8E/FSE/4= =f2iY -----END PGP SIGNATURE-----