-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: i386 Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: efbebe382e0d9b763b367dcd55a2360f4edfa5f2 191608 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_i386.deb c42f9aed474f017bcee76690208afed2e5671330 81796 libbson-1.0-0_1.23.1-1+deb12u3_i386.deb a8db54637961344a452712e5768210daed04e9cd 138492 libbson-dev_1.23.1-1+deb12u3_i386.deb c55996a6bf412f1f88256aa30af23516ec84b32f 1048376 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_i386.deb aa3425fc8c73335d41d5c4d97e9877dd3bdf09c1 324560 libmongoc-1.0-0_1.23.1-1+deb12u3_i386.deb a7de73a408c7d176eb85c1a4ae271e99657517b2 394532 libmongoc-dev_1.23.1-1+deb12u3_i386.deb f4b03b80bf5ad873343941dd2a54e6493002ab31 10265 mongo-c-driver_1.23.1-1+deb12u3_i386-buildd.buildinfo Checksums-Sha256: 483a8377106eb6f9b140336c57389e6b8ef99bab6644c9193dab5a7de5dccdff 191608 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_i386.deb fcee63e7c64331924c916e93755dde67130ec09f8ee6cb63d23b4b8be41dd29c 81796 libbson-1.0-0_1.23.1-1+deb12u3_i386.deb 316ce420a0fffb7e9e78405f7fd17a8756d2698d78b06507e09daf0ebbe0361a 138492 libbson-dev_1.23.1-1+deb12u3_i386.deb 5e496a7c67ae57a4088e30b4c03a69a5b255d2cb7b1e1e2316c84cfc0bae3183 1048376 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_i386.deb c46ca4ffb65df41dea677d9d68819233c1ec1661564390f6385c20881f6fffde 324560 libmongoc-1.0-0_1.23.1-1+deb12u3_i386.deb 01091c51b37d260f305717b4ba0526c809d5c657d4f026652dbc70c3af7708f5 394532 libmongoc-dev_1.23.1-1+deb12u3_i386.deb 98bfa0ae7f4d884a5288d814318771f6acc08d8c33fae7d37f4b7bc4225590b3 10265 mongo-c-driver_1.23.1-1+deb12u3_i386-buildd.buildinfo Files: 56372cffc8d97559b5ef827d9ea4ed98 191608 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_i386.deb 7cb115c49f938b6d69decc306c12ba6a 81796 libs optional libbson-1.0-0_1.23.1-1+deb12u3_i386.deb 402c9739c9f49c9a7cef1ea4e0ea4382 138492 libdevel optional libbson-dev_1.23.1-1+deb12u3_i386.deb 42486553d9b0b6038d4a2d752c9fd27a 1048376 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_i386.deb bba892868556241d45eab2656493cbde 324560 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_i386.deb 0452a7046d1effba4ebc509cddf15125 394532 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_i386.deb 8b49fe98887f66809995304e7156db9d 10265 libs optional mongo-c-driver_1.23.1-1+deb12u3_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBDWXQb2umOtH4DRpYg9P9sm2dfEFAmn409wACgkQYg9P9sm2 dfEd+hAAmS4a2UTl26ucUOkzzvkccRiyGtAFdcuP5wKIkAxOIMrPeetndyaQM1zs CnrhCd2HFyg81CRyMLINz5VlYDORHqDiRKLo71/Kp1TBNMkVD9fJXXJlFo4bCBDL 0gJuAJjVRZAyI+SEIKiKld1/Sp7+Zpq5FXFrQsd0GqXH9pkI//ydwMS0pDi5OzdV UbbG5Xb/XW4i6BA9adrZjGEvse3zC5xKM4xbq5PF1teMoKWeDWClLHLybHYyAzJg ea0JOx7FRsiqkkhv2O6vmeuAjKQAxtz8uaMVnb+FuSsqdLp1ftjUBRPiEpM6lyLj uLLjiiblm57vtz9sjKgBvRk6Q+ZrzMxNSM8fp2vIPn0HyMeBerAdv6lq3ZBN69Pn DktywoR+jgfb3tGRwZmchwr0TchvUEE4rPSWQD/aSr0nqX9g4UUVVmEZlXtP65p9 SL3ewmZnkIjWNd08DUM/Vn5GdmviY2J+vUj0OQaGBwBeQxeI6gO47KZlqtkw8aHx ZAKrlKVUOV1nGHqa8pWOUzJ0ZahWmQsDJ+wEFcZgkXhhSj5WO4aiZTWs71UduGUz /3XGNu5PTUmPssoCaj/DwfzQQ2KTnYWb42/BCzmO0I7v4rNIVt+eemwV1BDHRaZf Zv1yLyxzZIgaoIt8iTYDO7fXjmF4UsmgVwpDYgo0d4XFJ0QIlNk= =TY7h -----END PGP SIGNATURE-----