-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 11:48:27 -0400 Source: mongo-c-driver Binary: libbson-doc libmongoc-doc Architecture: all Version: 1.30.4-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Roberto C. Sanchez Description: libbson-doc - Library to parse and generate BSON documents - documentation libmongoc-doc - MongoDB C client library - documentation Changes: mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 20962b4c0616f38beb083031ba7f11a9de750d6c 365880 libbson-doc_1.30.4-1+deb13u2_all.deb 7517f2a01de75ccb138f11c52e32f32d6b5aecf2 1406112 libmongoc-doc_1.30.4-1+deb13u2_all.deb bdb3c001fdd98344db71f172f2992eeab73b1d43 8908 mongo-c-driver_1.30.4-1+deb13u2_all-buildd.buildinfo Checksums-Sha256: add06d8ed6e03a9b7ede3607bdf6db5149ffcf45da0921f7c44af6d947a31fcb 365880 libbson-doc_1.30.4-1+deb13u2_all.deb 69a5a2cf331bee8eff84e70358100d1c7d2da68624e7192913da5c710f6f9e10 1406112 libmongoc-doc_1.30.4-1+deb13u2_all.deb 212c3c6f212847cb5be3433eb14a01c3f0463b7b82743754ca64f7d696510776 8908 mongo-c-driver_1.30.4-1+deb13u2_all-buildd.buildinfo Files: d46703cffd33ab27db10c859eb18ad7d 365880 doc optional libbson-doc_1.30.4-1+deb13u2_all.deb e479e8e454460ef2245fde60be1e1150 1406112 doc optional libmongoc-doc_1.30.4-1+deb13u2_all.deb f547ed9bec32581f4c9ea38f8b74810c 8908 libs optional mongo-c-driver_1.30.4-1+deb13u2_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmn41LwACgkQaBVi67oX tfn8Cw//WGcvgzBOGyaOoCMmEZeuqi3r9akvrnRpX+4C1M0yw5RXQAAo2kC2n4Zb 5PA6s0vn2RIw5YBodcDC8b59e1ZTxEiB7DbL4NrMN8fyR7K+F3jZN9cFVaeahTGP 52JSWO08AUiHw+oXHHkyGOmRAAFnOAKw2nFWm6Ow3XFHO7+Lr/xbkGo+uXZ6ICKy 8RY0Gfyq6iyxrF8spoXH6RRV0pJUf20q9h7OGD34vsTDhzFLdT645YJQywhudyu0 HbMd6PySM5BI1DYLsqRe4Hmb3PhY3/wr7Oh1buwn24x0b7Gw8CoyeQ5jzoGhcZDS g6AhwSTwyE2Ooaer5bHBRLmTU6ILOT5CeQkqYm1Wnpp9cEhKx2FtFMW/4w+x+IFk I4WZlfdmQissza1Q5ZVI7OQQPR5gFeLchxIz2t+yF6h2Ij6BF7nEdn9RJ+Uq5aV+ eA7NfxuXqetUT+RP1IhrRsXlvPupq3trX80biPFhdMsJ5EZhWbz6mC33Mc96ZwxP S+/2Nz/aM3an8noTZdglOpT1khTpEOhJHMoEudjlcBenbGgULt1NxLeBCrZrzDn0 5jKeScduDaTbGBza4gX2XVyXc7OkWqI2l8T4pJuZLHOvG4torxzxh+29rcj1Jd9E Aprdchu62wCUYG9tAXOFpz0aXTmOTvRg/pGZ+HSdGU9TJW7cyME= =8uJ6 -----END PGP SIGNATURE-----