-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: armhf Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: armhf Build Daemon (arm-conova-03) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: d9bb48cefa33d472994b989fc4c9c7c5d6e7a791 224356 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_armhf.deb cb03f0f416daf9a03bf6ca1c576a370497f24739 71032 libbson-1.0-0_1.23.1-1+deb12u3_armhf.deb 4e70edb13ea00f02c80cd5541cc01052e5b0162e 124268 libbson-dev_1.23.1-1+deb12u3_armhf.deb 1a48b47ab3bd783e3ad053923478f6fd8d0997b6 1211500 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_armhf.deb 09307cb558e2361ada217ef9cbb2cafd1c620fbc 277712 libmongoc-1.0-0_1.23.1-1+deb12u3_armhf.deb a49bb3cefa4f578fc5e4a53bb993a5d06ab3f80b 350128 libmongoc-dev_1.23.1-1+deb12u3_armhf.deb b3d57f33b96d60341d11508e1036768b736a1cc0 10212 mongo-c-driver_1.23.1-1+deb12u3_armhf-buildd.buildinfo Checksums-Sha256: 9858b3246bb192e2bee80de5b95f7166353663aab6b29025f5c0f4cf582bdb06 224356 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_armhf.deb 443e82cf11e4e6a4d30f232a7a739b51fb5c0a4d779c03f7154c7ba3192c247f 71032 libbson-1.0-0_1.23.1-1+deb12u3_armhf.deb 06736037a8d019f6b76d59808d75b08fdffc9f944382ee423e10acd7077deeb6 124268 libbson-dev_1.23.1-1+deb12u3_armhf.deb 79076c9805be607850c4aae341fb85f1e5797c7868c0246d14612fee5cf39d0c 1211500 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_armhf.deb f37aca8279494ee1e64bf993d887d26f73701dfd9f3f14b6732e2cb8daef01d9 277712 libmongoc-1.0-0_1.23.1-1+deb12u3_armhf.deb 9fae48fdd09aefa8a16a0e941cb335a31de6680cacc2ea79510fe084aefd74bb 350128 libmongoc-dev_1.23.1-1+deb12u3_armhf.deb 6ee26e2484c3c3cefd1f7c3e57237908863ae640a271f50d1b92bc8461c56754 10212 mongo-c-driver_1.23.1-1+deb12u3_armhf-buildd.buildinfo Files: 278a2959ba8137a846a904bde5648831 224356 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_armhf.deb 6592b540bb56f64b0727d21cdc3740d2 71032 libs optional libbson-1.0-0_1.23.1-1+deb12u3_armhf.deb ffb3278ccc1f38b6f7b0c004863628c5 124268 libdevel optional libbson-dev_1.23.1-1+deb12u3_armhf.deb 36aa61da8ffc0d9960ec48a58b0572a5 1211500 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_armhf.deb 4445ec28147ea9ada34cdb5cff3e89e2 277712 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_armhf.deb 4ced350ff6b1217c074899db0ec4d510 350128 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_armhf.deb 02169205d9032aeab33f01dbfa308574 10212 libs optional mongo-c-driver_1.23.1-1+deb12u3_armhf-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElFiH1oZRZh1t4FSiXVp1sEH/1mIFAmn40/kACgkQXVp1sEH/ 1mIggw//dOi7MZSLxOOgeTcP0+Cnwwjl3dzeWKV+T5Yy+MXKHacxHaN+lh2Yww6v IFymmghOQzFM0H09Rbx7WN3JZTL/J13zyxrZVjuqyFRFMs1ihvAZ6WNxhS9nVS4J y3BaSEJG/UJ61YlQPCkq/AsTEJ5/uCPzQhXx39k1pdN4/bnUTcdyoxYPYOjWCCjV SV6woN6p0Fe7kIX7lC4AKGo45Yx3/AtDH6J5ce1bBF5bk6/s+OT/BMQS8didv702 ZeA0Ge+/Ma3Y6YhHbWnPrGPd7BoC5joTzhrThhtQuLswKW7hpSHGXjstPHXvqfDY I6mD3CIKq6dJKkjRT0nzQBlnC+u4+jPVCJ5XPscZ27L0Zjr4YmQfPoQ1x/2rHdGZ hux4XQb4edatHVUjvf8ldwEpTjVS7ubxfumiEEDo5HO6Sw3gBDZ8PqzrzsRSy6Em QYuAyhscmeOsW6NtMtyfROxxA5Ffb+QlzZinvhpKjeSzmczRv+mwezvFn43r57lE FBGd5a8aqsaGJqcOYvctzhUmwFiOjHXqn5rG7d0tK5WsRT33+DMY+PyNAtfXl0vV YG+bpzJMGvAGNriwDAQzM8QxCknHpyl7EJBFHh+Rkr45TNOpvfRycxdTiemDeLzz 3ZuyarVlIc7Yl3phsEfVvBHtQgW4CLVKE9Fo/VlfIpRnhi0qrBI= =K+gJ -----END PGP SIGNATURE-----