-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: ppc64el Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 455faf41cfbb41bfbebe96f685a173059c51ce40 222620 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_ppc64el.deb b234b31d91692a45519469015620617bc5a19692 80052 libbson-1.0-0_1.23.1-1+deb12u3_ppc64el.deb a66c5286e81929fb3faf6bdfbb8f7d3cf1c8eb6e 137168 libbson-dev_1.23.1-1+deb12u3_ppc64el.deb 8e20a67386d7fb438fb17ff961ee463914043cf0 1226604 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_ppc64el.deb 83a8b3d4f7f86ee540095bb2af8bc7a5aba680c7 327256 libmongoc-1.0-0_1.23.1-1+deb12u3_ppc64el.deb 40b1c297056846c7f67ed5c562a5b034cc027f75 414792 libmongoc-dev_1.23.1-1+deb12u3_ppc64el.deb 3333b4f0008e87fdec50fee8d1be6df8b262c69a 10389 mongo-c-driver_1.23.1-1+deb12u3_ppc64el-buildd.buildinfo Checksums-Sha256: e059fb4231bfa0b6b5f099b7f6fd48b217efaec1855309ea57470fe8d7f78b3e 222620 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_ppc64el.deb 34f86fa933c64364d850773b5908a4444299282558df1cd13c86b72868a9ae80 80052 libbson-1.0-0_1.23.1-1+deb12u3_ppc64el.deb f80b947e11019600311608d00738e3c21754df3d87d780c4fd635729fb3f8fe4 137168 libbson-dev_1.23.1-1+deb12u3_ppc64el.deb fc7cba430f518093d389f99138ccecca842e3a1b7854b616f0b49a9c87dbc47a 1226604 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_ppc64el.deb 8e116a5cb8cc02ed89d04656c9cb22b8fd5e23c760d1a979136dc730f95c8669 327256 libmongoc-1.0-0_1.23.1-1+deb12u3_ppc64el.deb 1a5d6aae0808be12f04f99c016e2b8aff8c9620d0619bfd827a098195b3073da 414792 libmongoc-dev_1.23.1-1+deb12u3_ppc64el.deb 3f662a87248f419d1ca3e604b5b9ad4fc140489312357636c70678a6a541434d 10389 mongo-c-driver_1.23.1-1+deb12u3_ppc64el-buildd.buildinfo Files: 619a683de2d90ec80dcd0fd6646eb9af 222620 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_ppc64el.deb 9bdb0d72f03c2e9ea194a3715d0ef9a9 80052 libs optional libbson-1.0-0_1.23.1-1+deb12u3_ppc64el.deb 10e5b3391b1e6193b0424578850ce754 137168 libdevel optional libbson-dev_1.23.1-1+deb12u3_ppc64el.deb 1aa9c4418b745334b18617adb40259a1 1226604 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_ppc64el.deb d74f7b70e8c67183e314f21a8a38653a 327256 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_ppc64el.deb ae01b648c3dfee0cf2077a93302b07a4 414792 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_ppc64el.deb 0e41f3e2f9ad77eb715b6ad91208f08d 10389 libs optional mongo-c-driver_1.23.1-1+deb12u3_ppc64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9ibmwdV9gdKNbK7oV8ucRsMTpuMFAmn40/MACgkQV8ucRsMT puMWOA//Xh3SmzdqV+ik/EjWw33ISiRHMvZK0cdX3qm3UZbWsoIytV9L6F5zh70C J1FYmUSK4+jsfSc0HvoXfKHksffMHBy0yAOIJv7vDNIr7BuJmHs9GYHzML7BAXB5 Rxtjosfr7QPvlrcpWJr+93cEwCYr3ZxnsGGXf/TK7EXVytupYamJ9EVQcrSd4kYJ 8xCXO6u/1On5HFOs3aasM+xkh7Do0tGw0Q4KygyUNoOOmthFQHjcDXlMTRF4Vdov Sm1M4y4L/64vgnBSSyuPod56zG7BrMx12R97R9N2gs30nHAJswc219BzzwWU9uMA ZfoRCvQHy3A3V2wmdJGm4fxWzYpnHrl6ymygu1DQJ5lWK0RlyLXYRo4/MSqbLQej rGkOMbMc9jmfepQVP0f+PB2271J7FYifZfLdly8F1UzbRLN5whxK0Erob7BxD9AZ odfAccbNGuj42ueQ37nISRNkcGCYKaArRUROx6iaJ9HCNsQ/RdsodbnEwjbfnpiT lbJ2ZVqlfvbkQqv8NV10FPHYfpmZ1BgO0hGLBo5ah0mEDJFVfiDQU5wQx/4llu8W xDdAuMHLVDn+7ZQ3dsVH754XlXzkxUxk5nmUZdyLw8Ebo3X2DUaG55PQi3F6DOcx 3OVJthCqk//5PkoF9gqWxzY3uNvYSG4bbc4LeXKsYn3BpQH3enQ= =4TKg -----END PGP SIGNATURE-----