-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: s390x Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: s390x Build Daemon (ziehrer) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 54312056d794df3c11fed133037139035da6de92 216096 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_s390x.deb fc6d3ffc70653c725f91b6962b941f8986e7f3e5 71268 libbson-1.0-0_1.23.1-1+deb12u3_s390x.deb 5aa497d2a763d5c25a04d787c11668320d05ab7a 124696 libbson-dev_1.23.1-1+deb12u3_s390x.deb fac0d83560e402ab81ea4e6a6a5eb8044bf15e65 1212184 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_s390x.deb d2347bc282e2cc0435f3b7e114555db9fcf73ecd 278688 libmongoc-1.0-0_1.23.1-1+deb12u3_s390x.deb 1eae0a58babafaf9961de27542ad45bb54490121 342220 libmongoc-dev_1.23.1-1+deb12u3_s390x.deb 612adb366f06c2c3704a77b91d9836bc2cbd2773 10240 mongo-c-driver_1.23.1-1+deb12u3_s390x-buildd.buildinfo Checksums-Sha256: 0f2b2bf9a18cf79820367f4dda051aa935482ac6e8be61d4e52587f493ce0808 216096 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_s390x.deb b321de9fd40edf9410755babfa7a97fa46643977bce90a440a000577f934c933 71268 libbson-1.0-0_1.23.1-1+deb12u3_s390x.deb 929737e9e2c0269f223883c6d30eb28a4a68c378583f6914966c49faaf27ce39 124696 libbson-dev_1.23.1-1+deb12u3_s390x.deb 37c4810b42509aba39e10b079ae46ca2cc31534e9b23f9d9a5e42cbb8438633f 1212184 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_s390x.deb 0255a1437c1dd8035780ee9dd18336ed58ad30d3677467062189248982cceec9 278688 libmongoc-1.0-0_1.23.1-1+deb12u3_s390x.deb 780bdd14d67ee0f36ec0cf0a743a6464c514f09e39c81fed0edb0ca1162fa4bb 342220 libmongoc-dev_1.23.1-1+deb12u3_s390x.deb 369081ddb8d0254b9573526b7d5fc063e28ea170fbf18bc26adbb5cbda28c3c6 10240 mongo-c-driver_1.23.1-1+deb12u3_s390x-buildd.buildinfo Files: d395f652c7eb8638e428e7f4e8d78fc6 216096 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_s390x.deb 7026b74bb7bf957df85849538e75328e 71268 libs optional libbson-1.0-0_1.23.1-1+deb12u3_s390x.deb a7d2ae772d0c5227d4636c729884bfde 124696 libdevel optional libbson-dev_1.23.1-1+deb12u3_s390x.deb 75fd3c7bd904902c48273ed499aca861 1212184 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_s390x.deb d1cc8bbcdf144840f06059114a789312 278688 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_s390x.deb 5c1022a596b1baad02ab78d65f979418 342220 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_s390x.deb 6ddf97a5458abca912d64c884c3a0f6f 10240 libs optional mongo-c-driver_1.23.1-1+deb12u3_s390x-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEl0BM/nR+Oj597wRWMWUFebkHnoQFAmn40+wACgkQMWUFebkH noSwbA//f527wRYPvt0IONzQxuNZGf9/v8+56ZO864yDBM4oEOpfQe5OfRe5Z/oZ eOBJpfDG4wGx83obI3d1v4qaXeZV4pCvNI9TXJxRlXJm61eGm8Ni1kbgJCMJxVGB 2fDamPrJXquCtiGCVZNr718bB48ot0+WTiffCBPf7toHUXZ/nOQ6k3cNhrq5WTyW w3IC+z7E7HjOT3Y4PIEaI8UpgUjJPLzFJ6jvZtq4fOEGvCsdk7r+sioHBI7va49q x9DQffx0R6P/FGZtQ0DZU1dnRfNjZMH9EYX5IshiDXQDFioN+g/tZVnFjnh/fFBf f6ie+eFNkf9Zsw0L7YXGve/mm2tcs+hIIl9d8yvTvRAl6we5ZPD4vcqrS3uEBBUr dCHsmNQf/8Hmklqb4PW8Lf3EYTaZegTXtfmamrMF31LWjhpt3gFwS3J37mMfmqav 9dkEGBbCoiF9GzBqLn3H2O5erxcUFY+XjATbU6/Ki/CfqxNrjAfzpJOZrO+znQXr gtF0XAyp9pIJDbvwAZN2/boW0ymy3nATrTaphLGbvxO3r8vwuCUWWWqcLlhcmCYp 8Ld+UFR0kkclU+OxrR7+le5i002LMSfwxXplypMAT4cpwz1QGs8URj/NOF15O9th 10pfIj1SpIQXslJllFZGfi1GOrgYtT/MxgIu4C8lSadPRuODwTs= =QZ65 -----END PGP SIGNATURE-----