-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 11:48:27 -0400 Source: mongo-c-driver Binary: libbson-1.0-0t64 libbson-1.0-0t64-dbgsym libbson-dev libmongoc-1.0-0t64 libmongoc-1.0-0t64-dbgsym libmongoc-dev Architecture: arm64 Version: 1.30.4-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: arm64 Build Daemon (arm-ubc-06) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0t64 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0t64 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 94c1e338489771568591fbd3b1ea2899d0c21747 315568 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_arm64.deb 5e86b18492a61b950222fef9fe67e0a22686cb87 85560 libbson-1.0-0t64_1.30.4-1+deb13u2_arm64.deb 68e88f7de2aa14c49c28bba95f2ad41992792ec9 150668 libbson-dev_1.30.4-1+deb13u2_arm64.deb 87b8e0f9749a9a4ebc86c5194acda5d7904e3e6a 1632584 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_arm64.deb 83c290ba0c1b75c663e75e79f0be0326f598cb73 360580 libmongoc-1.0-0t64_1.30.4-1+deb13u2_arm64.deb a855305a0a5f0503f9bf42ffbfc349c2c3b84368 469424 libmongoc-dev_1.30.4-1+deb13u2_arm64.deb 9cff258b0a3aa39d1461445086ca470fe1946ce6 10226 mongo-c-driver_1.30.4-1+deb13u2_arm64-buildd.buildinfo Checksums-Sha256: b601aa8104e9e3125d28a06130d93681c3253bd57cdb4a317dc61924ee945ad0 315568 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_arm64.deb 6f9844838269fd6253d12ab4a8b8479f4f6f1cdc476ef64c24780afd4d3a33c6 85560 libbson-1.0-0t64_1.30.4-1+deb13u2_arm64.deb a4d944e6be186813f067ea333f0b4949b5c98e9cc331b3739cccc6be94d15afa 150668 libbson-dev_1.30.4-1+deb13u2_arm64.deb 8157cc3d27da4012b810d2c8a292b9dd32b67a41faa67d93686e59913371b9e8 1632584 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_arm64.deb a866e37d6b362a6827d365cd37cf1ad400ddebdfb8eac1456daa2d6fca8e0316 360580 libmongoc-1.0-0t64_1.30.4-1+deb13u2_arm64.deb 505472f50b600366be39a998a4b9487a9ca1a0deb5d128d7e0edd7011c318906 469424 libmongoc-dev_1.30.4-1+deb13u2_arm64.deb 6e34a8b274548bc56ba4860e3f9f0f0d23885f05866628f509b581de67b2a523 10226 mongo-c-driver_1.30.4-1+deb13u2_arm64-buildd.buildinfo Files: b3a83471c905bd30bf760757f39f9a4c 315568 debug optional libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_arm64.deb 66711bc5ea16bf2f7e2f76cefc0e9f35 85560 libs optional libbson-1.0-0t64_1.30.4-1+deb13u2_arm64.deb e416cefaa5bbf57608db19124d8cee91 150668 libdevel optional libbson-dev_1.30.4-1+deb13u2_arm64.deb acf8fda58d7e1599f8e492ece11866c3 1632584 debug optional libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_arm64.deb 7cc700ba4d2f71a2b64a07019f040b03 360580 libs optional libmongoc-1.0-0t64_1.30.4-1+deb13u2_arm64.deb 4f638ada5f5786d2f59da91da6163238 469424 libdevel optional libmongoc-dev_1.30.4-1+deb13u2_arm64.deb 3bfe0eee3b5aeb05ced33eb39cdda74b 10226 libs optional mongo-c-driver_1.30.4-1+deb13u2_arm64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEBOUsBrtd5lcy6oRfutMAkCxKbL0FAmn41DYACgkQutMAkCxK bL05IRAAxepcumA0pF7Ihdp6nebaD53pGBmifdqBkFfxFKQLF2QmT53w7l2JCEYC 49IbTrre1LNbii/Mi6zZecbEvZ8rtk1SZGr4RscbtiQtf9JL0pdKTh+yRziIdy6d 2n61wnRjQ+vOBprUZoddJsSuA32p5CPdoLNjOm35nQNnTlzz63DITopBKRMs6ZoB 8fEinRc/zpnPGIF7u9lM2TpXjwFhQDdxSMr3fvv2EAur0jT8Y9jCldX0yL+P3DL0 dDM6PAK8Upw+XYtsbqbBXvEIWxbRUvqB6PNFvtzQjXa/RDgyVPtNH6kDO2DBvxlf 6yUB43jL+aqnGGVRxSJ2XbAcnOzyti9Px+gN4nlAv5mIsxrTguOeiFdzewFMJW/A OOHODtXGgI+KB/0YubEycqvwulnt9yOsBA1t0MFyytSuy960lddCBo6xwtuPP0Mx 2EkhChgncGWFFWxwVpkgqax32uskJ3iOqP4L/FHTW52ZigBLIheKoY1A/eThsf69 GFL4N54hVeXFeAJ0r7BiDN98JEm3ugWtMfckd0CwtTnJAgVMZZsapD1HL05mc8j8 AwMAzJ5J/beCsXfy5c6kJ6bUsHJpTZ2ZBzQClb1IbyWj/FwJXW7+GPk6BLfCzfEm dCeZA1lM7WS1BAIjd8qT4jloFZLFEWAcajPtKONgUk5yai37tBE= =0ASA -----END PGP SIGNATURE-----