-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 11:48:27 -0400 Source: mongo-c-driver Binary: libbson-1.0-0t64 libbson-1.0-0t64-dbgsym libbson-dev libmongoc-1.0-0t64 libmongoc-1.0-0t64-dbgsym libmongoc-dev Architecture: armhf Version: 1.30.4-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: armhf Build Daemon (arm-conova-01) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0t64 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0t64 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 4098d125856fd1322aa86d99a6540de59c7a4851 303476 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armhf.deb 948c34d67cad109e80c86a3b3d2c7d0fb2c0aa6f 81404 libbson-1.0-0t64_1.30.4-1+deb13u2_armhf.deb 3ce43f475fc97ceff09cdc6deeee26d87d15848b 143656 libbson-dev_1.30.4-1+deb13u2_armhf.deb b535c92516b04d79da50b4dbb888f32333ef5573 1595480 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armhf.deb 81534e84854c167b488db6e131a36f7101846731 352324 libmongoc-1.0-0t64_1.30.4-1+deb13u2_armhf.deb 33e27913631a74252d1da99ac6a46b8d921edc48 441840 libmongoc-dev_1.30.4-1+deb13u2_armhf.deb 4ca1689055de51f4f5789f59865016cfceb08613 10105 mongo-c-driver_1.30.4-1+deb13u2_armhf-buildd.buildinfo Checksums-Sha256: 37fa47b0433d4dc35d5ecc667164e927b00598392a2b4b040b1e35fbf122b8a6 303476 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armhf.deb f492eb8fea71e007ec9e611a657cdd4468ed5dd7b667e829a2a6acd72adc7757 81404 libbson-1.0-0t64_1.30.4-1+deb13u2_armhf.deb 17f95a7f70ad871d22f7b67e45e7f97ac8f4afabacac558c7d3c36af07fea203 143656 libbson-dev_1.30.4-1+deb13u2_armhf.deb 213144172c6e19c042a5bdc2298e6c4fa3ede31847749750ce25cd9fb54a1264 1595480 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armhf.deb 709646f72be517d7c95dfcd709cd5c11ec2b5189bce31872efacc96395fb0523 352324 libmongoc-1.0-0t64_1.30.4-1+deb13u2_armhf.deb e2fe59963d28c41b607da0b3aad0e823bef19a62148d04eb95996e665a6257b7 441840 libmongoc-dev_1.30.4-1+deb13u2_armhf.deb 08d8ccaad87ca71232bcfd5f37f2b05a63c8d246d23b7f09ea292c3cbf507f11 10105 mongo-c-driver_1.30.4-1+deb13u2_armhf-buildd.buildinfo Files: a3dfb9eca40d5888b94074e062a3d98c 303476 debug optional libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armhf.deb c9ddaeed4c8dc910af562fb735b82e31 81404 libs optional libbson-1.0-0t64_1.30.4-1+deb13u2_armhf.deb ed3fcd017ae71b87317cfdf06a661334 143656 libdevel optional libbson-dev_1.30.4-1+deb13u2_armhf.deb f1a8adb91b32cdb196f316ac549f4edf 1595480 debug optional libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armhf.deb f64da9eb1ebca765d48d124baab292c0 352324 libs optional libmongoc-1.0-0t64_1.30.4-1+deb13u2_armhf.deb a8edfde3112b1ffa4ceeb5542b21a1fd 441840 libdevel optional libmongoc-dev_1.30.4-1+deb13u2_armhf.deb 3c6b39c817a2f33b1877157b7a3091b0 10105 libs optional mongo-c-driver_1.30.4-1+deb13u2_armhf-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO4qAQUSIo2p/kVRf8U6eOZMpj68FAmn41EQACgkQ8U6eOZMp j69A8w//Sae0hI5VDWcbZCyTGeZ7p0uaxOAJEEX2mc4CnaBQwiRE3XUuRVLEjNES JnvWfQ4m38SU3Qd2in+rhHGjIrLRJ4/dCk4GOsIi9sGgMe4DsVZIb4lidYMNBEUH B9XmKukMXCUgO1W4hsnEKCw/LHXVVUCM8b909NTV7Iuptu8InOeg9LQVbiVMeR9s zZXUP8YPJVyqMj8qVGa+/3knWQbNhpwCSfjANFjXgxTL0aF8tzX3Cfx7veic4nz2 FfG7haF7iQGw3MwIXCCrH3nPLgR4mjrVJUBylELMQe3qO2Bts9pqHvEalKz+sKAb keuB7rE/rW9VrrU65gZaXYNB9EFVKyD8TD95P2jkne/9A5QECa761CJ0SpeJmcnM a07TwRa3SW3PG9qlVbY5rjZ7DpY45WC8j/FnNNnkR7VmV5rt/lFW/QUGAV8GLO/P TBiotvT0TofR2RNvhyJoBnvEn7YCclYafFxGtvXP9CMuvQPZUgG3W+ckd2V+F+R1 DgcJPMgYuq+ba6rv49xHR6BrH0dnpUVcDE7/h67j+ofouMbVQj8Zoem2deG5jPP6 E0Y+cLdDE5sBZIW0vVDyrTykfhd/V7YOR7Bo/pl9+/pJ37DV/vYGaT6DeUXPSBPi +6MWCK6GO2kkVssjaqOLrH6Y2fkBGKU6TTyy6qdN4Ecgqw5RPkc= =4iz5 -----END PGP SIGNATURE-----