-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: mips64el Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-03) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 1981f8f7fe8511a149c9d1ce2adf000b5b7beed7 223200 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_mips64el.deb 43f34ec1231c2f31da139875e9d8a2277015de1b 65820 libbson-1.0-0_1.23.1-1+deb12u3_mips64el.deb cec9f624f1311b9be6fdb0e2beb8630314cf77cc 133388 libbson-dev_1.23.1-1+deb12u3_mips64el.deb 62e2eef203bf05eac1fd67439772c5dddcac1158 1232604 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_mips64el.deb a8ef292e63e3a926d39978e760655c8ba4dcb9b2 251316 libmongoc-1.0-0_1.23.1-1+deb12u3_mips64el.deb e12ffdd901290c7e03519df4d74b72e1b8008b61 399984 libmongoc-dev_1.23.1-1+deb12u3_mips64el.deb 889b4db68bb221f3344a7b367ab7e930918e67b9 10158 mongo-c-driver_1.23.1-1+deb12u3_mips64el-buildd.buildinfo Checksums-Sha256: 5cba3b9aee9bf752cf2a508cc30f0e1c7022b4209c12c22901b61d252bd760c5 223200 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_mips64el.deb 86adb85bfab626ff0bb7582e30e69d56d1f3a116453d329ddb7c304fe9883133 65820 libbson-1.0-0_1.23.1-1+deb12u3_mips64el.deb 89451eb523317effbcc1f6df09034e0945dacbda6211e9d210761d6fa2667501 133388 libbson-dev_1.23.1-1+deb12u3_mips64el.deb 1b5907c56c20fed0062d7cb4696e52d0fcca50274ba512b7d4fffba947d4e6c5 1232604 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_mips64el.deb 3df0300465bdadcc8e29b3cb623419e497e428e7bac3038d8e83292dea632a4a 251316 libmongoc-1.0-0_1.23.1-1+deb12u3_mips64el.deb 6c6a9257a86479e508c8f02bfabc6fe5251d11ce95b7ee4caf04d5d2b4602ec8 399984 libmongoc-dev_1.23.1-1+deb12u3_mips64el.deb 6cdadf5760b0539f1efc888ced4cef3d5b981554cd349db63b8d6f8bb002be30 10158 mongo-c-driver_1.23.1-1+deb12u3_mips64el-buildd.buildinfo Files: 693cca92868a5791f70253b39ca614c0 223200 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_mips64el.deb 6e007961298b9aa89300d62bec1d7757 65820 libs optional libbson-1.0-0_1.23.1-1+deb12u3_mips64el.deb 5191695ee371f8e371c39a408984203e 133388 libdevel optional libbson-dev_1.23.1-1+deb12u3_mips64el.deb d6cb4b5994e4da460964ca4334bbff9f 1232604 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_mips64el.deb 54d5ab905c9b5a15e1bf07d065e3625d 251316 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_mips64el.deb ad8eae892b128a463134385e0f773f99 399984 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_mips64el.deb 756c661968471903c82d8ea95fec0365 10158 libs optional mongo-c-driver_1.23.1-1+deb12u3_mips64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7sd7jtCtE5bBJ1Hx/qmHKZssfSAFAmn41GUACgkQ/qmHKZss fSC1aw/+LDlhperhCCgk1y04a0XObjQoi3XuU+gEffD5a1PV2qhUDQjWye9+lHvL ALSpZZwrXsIF4u2zRLxOV3niEZyVvrfbfpKLNcbyABDBtJFhExUdqJNLdET9z0JJ himLGfVR4YIs+dWkaH/rWKrkg8+1WJYMPNAkX+y8O+e+9athJpMzz9bo+8yEDLRF 6RulA/HsKN+ubXpUEDGa4eGQtzJT6oc8iW+pQwgNIbqpQYoFVPTu/xviFNtP1mQ9 OXQIvfCKudPRqfzYc/0MVTTtA+hUymL39RIJyzKFguThm1Wd/RP5L0Y180VN/DRk MP+5d2XpoGN/XUQ+lvrPOz6MKCrpIwWGBhoXG1NOtqTES47DirIefMf6KoZDZSui zvHFYIXzx4u1ix1sG8Cs9jAMqPY0FDlamv57ZlLJrP1kyvCKM1NENAZiXs8XYw+D vLlqSTOKNj/GjsznWekq7OjQp0IELhIVnS7tiGLTTmoezCWku1myT4sBDVtoSX9N 0C926wvPXjPfYrJf6SnWKCPg4tetJcI/PYqyWQmU0KCkOAoNyRL9tj+SRNKHpN7e gyIvZtaAJcyamjfAj4jOdAJ7D31TKSshbb8AUcQ2mR6YJ2Ho17xiPOoiIJJkn+8a vQYEG4+AYD0kPSBt++wfMcNCQqMJtituYEixGhzfJWf+XyZgJlg= =DVMw -----END PGP SIGNATURE-----