-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 11:48:27 -0400 Source: mongo-c-driver Binary: libbson-1.0-0t64 libbson-1.0-0t64-dbgsym libbson-dev libmongoc-1.0-0t64 libmongoc-1.0-0t64-dbgsym libmongoc-dev Architecture: i386 Version: 1.30.4-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0t64 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0t64 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 72884d9197a9c757cf30f2e08ffd27bd88c8ce05 279192 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_i386.deb b8a76d1abc056822435dd4562a80eedac430e469 97100 libbson-1.0-0t64_1.30.4-1+deb13u2_i386.deb 704ab74c440947443a86005c2ff5017ae9396baf 162180 libbson-dev_1.30.4-1+deb13u2_i386.deb e99793a0ed5e7a5288dad2994359a4e9efcab1ad 1418600 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_i386.deb 2deac05613eec47bbbefb4184175f58cb175e40e 418300 libmongoc-1.0-0t64_1.30.4-1+deb13u2_i386.deb 1915f662ff93c8e06e434460624dcdf33693d6ac 506812 libmongoc-dev_1.30.4-1+deb13u2_i386.deb 70f9854fa455a45e7c21c566a3deeb4f6b258ae9 10128 mongo-c-driver_1.30.4-1+deb13u2_i386-buildd.buildinfo Checksums-Sha256: 623608e9dd4d33c9f641896d89e3a6096f31239677deddf60caa647e2bc17739 279192 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_i386.deb f19525cc04f096bcc57c470f65443ac1b381cba4a98597f9fae183a737a406b3 97100 libbson-1.0-0t64_1.30.4-1+deb13u2_i386.deb dd0dfb7e7352c462f0b33501d6982b8171c828cda0ab3bfaf860eb19dedf31f5 162180 libbson-dev_1.30.4-1+deb13u2_i386.deb 3d0e06006af164734d5769277db7a6cd76cf0aec1e2b74c18bfd3c7c63a9e912 1418600 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_i386.deb d17ed266231204218154a501d99830b9c63e807ef1256432a0915383bfad37d5 418300 libmongoc-1.0-0t64_1.30.4-1+deb13u2_i386.deb 453594673f3fb1f2c0eb05b4faf752f77509cc79984c03647199912e4e50f93b 506812 libmongoc-dev_1.30.4-1+deb13u2_i386.deb 0ccbb45b3c56ba19d3d7484e6b9a8a2aca9048ef097f28296053acd1abcdf862 10128 mongo-c-driver_1.30.4-1+deb13u2_i386-buildd.buildinfo Files: 31f6ca74fa3a280b1452cd27cc27e4e5 279192 debug optional libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_i386.deb c6451b118edba42d7e7073398ef5803d 97100 libs optional libbson-1.0-0t64_1.30.4-1+deb13u2_i386.deb de2bac4968a39c435abab58a8cda85dc 162180 libdevel optional libbson-dev_1.30.4-1+deb13u2_i386.deb 9c9ac6823813670b1119c1f36f99454e 1418600 debug optional libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_i386.deb 148e0c806823afb850aa4fadf50e9698 418300 libs optional libmongoc-1.0-0t64_1.30.4-1+deb13u2_i386.deb c115327cc625c97bef1407376fbb337c 506812 libdevel optional libmongoc-dev_1.30.4-1+deb13u2_i386.deb ba3a27362be593da97ca6d4b434f20b4 10128 libs optional mongo-c-driver_1.30.4-1+deb13u2_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPAUaMA0H0rOy6qBWf2INRiCdaWIFAmn41HAACgkQf2INRiCd aWImORAAgJfDpsll/UY41ZdDyLSu8y5dIlwCiTtpxn7Fu91qzAm2I7I1nlpsYujR +Kg7op8LT6q3C409yGilUjdzlqfjM2i13OawAbwiuWNM8U9hViXC7LpS6owAyw2R L8U8e4WG0437r8HGYCjW6C4MFcNfniq2VOLQezK1gyiK/mp8rNR4l2Po7KYGpcAR 9uliAvKy6SpxWQRfr/tn18J6VUCEpKxrwkjpV9TCDHGA2PX+Rt1N3KrkMiUfJqyk 48wToRRFc169lN4FzA0A1xV7PKeCKtZAmGdYlA0jBU6HKdnHVoOmT19i13OW1ozT 68Sx+ldz+dKOgCZAe2Ugfg5hrrayeujmrXsCRwZkElYplhyuT3c3Tmt4n2Nbifkk gqslDIqX6/TK0E101UoQza78Z749OCQxgRvMkc4dz6rOpSY6peKOaLWqqJ5mZf+O ED+0EIV9ScvppF0Dl8yQGkKSsszcc3UXw/W7kubfhxOuzRXRMSE5UBBHjq57a+LM LiRNA7+zJRI9ZjPvV3n0UbFkednwCIeHw4y5nKSQDegJIcCJb+7ofgVDkSpfJF9K YqGvyvyoju3dfzN/yGWj8iu/OFXyyISgAZID006mDewkwYLG9ako5Q6qtN2MNzu5 j6zjvPFv9FWiMPlB1uj8rxyCWeXSUtjl1o9x8LQzYk+Yr1N+ST0= =vIfF -----END PGP SIGNATURE-----