-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: mipsel Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: mipsel Build Daemon (mipsel-osuosl-04) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: a16bdbbd53de705e7ac5ff6f040599fb272001ab 225456 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_mipsel.deb 7ec648c4d3af16104efdf471e06658716f05155e 72176 libbson-1.0-0_1.23.1-1+deb12u3_mipsel.deb 9bae3f0663f5eaf88a5c653349b314ed583e57fc 137664 libbson-dev_1.23.1-1+deb12u3_mipsel.deb d150560d132f0d1b2492627ac3f662eafcd2eb03 1221404 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_mipsel.deb 3d76c9dc561fb6d91229585c635de7a18630088d 262500 libmongoc-1.0-0_1.23.1-1+deb12u3_mipsel.deb 24b934a79a867b68fe94e695627d54aec216f7f6 407424 libmongoc-dev_1.23.1-1+deb12u3_mipsel.deb 9f3d3d61763d1689a837be5abc5ea89448761d53 10111 mongo-c-driver_1.23.1-1+deb12u3_mipsel-buildd.buildinfo Checksums-Sha256: 0f4c6f4ca9e963d47a33837a8d6f2c4acc5dfea0a2ea3bd2f06c8d7eeec60629 225456 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_mipsel.deb 1be15bd47d03f66d2fc416e7def2c0f246a94eb303a3fa721786d3086a1fb054 72176 libbson-1.0-0_1.23.1-1+deb12u3_mipsel.deb 20202739240239251e59d4cf3bb380b5b7f7d892905663c57e72b128c79760a5 137664 libbson-dev_1.23.1-1+deb12u3_mipsel.deb 2b5fe25c52ccd9307734c67269746b7b0fe442b63286bd03cbae50d3de89d674 1221404 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_mipsel.deb bbbad16ac07cab4836e268f140b3eb7593a2246cc33d3d364b3fd81058d9ca35 262500 libmongoc-1.0-0_1.23.1-1+deb12u3_mipsel.deb eb03c2ee2c59561582403c63fe30cefa7cc25dabb178f0a2b7829e5e08040dd4 407424 libmongoc-dev_1.23.1-1+deb12u3_mipsel.deb 09435294ad82d2af47761beb3963e61962c704519d76d8c045191f2eff5ad423 10111 mongo-c-driver_1.23.1-1+deb12u3_mipsel-buildd.buildinfo Files: ec591470100cc67bf37040601b1465bd 225456 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_mipsel.deb 5fef92043eacdd0a3ad08f2eac62d318 72176 libs optional libbson-1.0-0_1.23.1-1+deb12u3_mipsel.deb d383b95d87b9c8480503932cd9a99871 137664 libdevel optional libbson-dev_1.23.1-1+deb12u3_mipsel.deb 40065b2f0b6f13121673c67e0d5c804e 1221404 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_mipsel.deb 47ac25dcf40c869491f3cc29cb9d6d41 262500 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_mipsel.deb 9d3b1ea14d1550cb426dba7e58a4b16e 407424 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_mipsel.deb 4296549135b61068c789dbd8d1ca684f 10111 libs optional mongo-c-driver_1.23.1-1+deb12u3_mipsel-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIyBAEBCgAdFiEEyYUQCyzsgu940OiVpwP2OD8jZaoFAmn41TAACgkQpwP2OD8j ZapnNQ/4+CVICGdI3GyPqP1OvUrvW7kVnZF9SmRNpE+4OFg5DT7wQeiVJthJ7r5j VCpNOQ5agEn4y4zAqjidbfWI0atCApP6PRlOCjZtI+ZmGFWED+hjhDSNJeWJoL6u VjNb66h6rd/jc+UJTvDJvczIulKeudZ++SyhWkhsR7n5eC6ugafk11tREBUVUvjR PIaviHUw3/p+2VLNVmD0ouCQZnwVOkf3LATaIxC1sG4w7LbQqmGcobtn6FRDa1W0 YbU+0uNk6X4gatjoCwTfCKXfV8lQO8oj6Fg+8raNyRMMQ4uT6fiLWgwvRoJvyt5Q jUYwufcdWxF0A+jNfpxp+PHWt+8vR0OGJkvUKKw8qLtuS4VuISXtOpDyFxta7Vaf XktffqLWKCHlzdYDsJAnTPF56B8n+dAcmBV3VBJN9q29QBkMLRpVVn0MQnYi8vJf uxsHcr5d+Qjez6XQ1ihLDyRZa6jMiIfwj1sSFO61mx9VZh0tQNcwr9ugH/REXA+x qPDX77J0X5a4/FQg9vKxPYUGzokoBDpUI/ovV7zlZeIKAb1zAJaDQ4I4RmCX1l7m uS3tt94v4Ej5HNIc+OyQLRwsWy4GiCmYdc8EX4KaKsnzHwFFtx8O4HAJJmk6uGDp TdTJY3ZQK+2Pd0RJw8uUUFVOZ9lcFy+QHF/m+nzSJlgMqQv1Dg== =aas5 -----END PGP SIGNATURE-----