-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 11:48:27 -0400 Source: mongo-c-driver Binary: libbson-1.0-0t64 libbson-1.0-0t64-dbgsym libbson-dev libmongoc-1.0-0t64 libmongoc-1.0-0t64-dbgsym libmongoc-dev Architecture: riscv64 Version: 1.30.4-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: riscv64 Build Daemon (rv-osuosl-02) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0t64 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0t64 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: eacddb11a7a945ea29f9b3f846e0701030fce532 299644 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_riscv64.deb ec6c71da91961bca7542a6301a5a6c41506b59b0 94524 libbson-1.0-0t64_1.30.4-1+deb13u2_riscv64.deb 038055da387f9c599f7b4ee83f046a876bb2e2ae 314956 libbson-dev_1.30.4-1+deb13u2_riscv64.deb d0eda5b2743f664dbf3fd33f8ab7f294a79e1041 1598572 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_riscv64.deb bcf19ac4b1f7a3b7e9a746e6ad0d55b7787bc680 399880 libmongoc-1.0-0t64_1.30.4-1+deb13u2_riscv64.deb 81bf02afbc65535963d6565ea8b956747204bede 1041912 libmongoc-dev_1.30.4-1+deb13u2_riscv64.deb bb96fb69b3e3790cb98123bb195d882652b2e38e 10210 mongo-c-driver_1.30.4-1+deb13u2_riscv64-buildd.buildinfo Checksums-Sha256: 18cbfa3c48a003265d9fb3b42a59061eecf7609addc8821fea62a49f6cc40090 299644 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_riscv64.deb 4c03533b277f12da58aaae7ea73fa6353f246a50b7fc15d0b3e087d566baf0c2 94524 libbson-1.0-0t64_1.30.4-1+deb13u2_riscv64.deb b9a6240e48d0a64c4bf6ce7013191b5f549ca9771a2a3c806825372536434500 314956 libbson-dev_1.30.4-1+deb13u2_riscv64.deb d96e8660327db8cda620f71ed39d145899ee2386e8406ebf9c1f8b6c6071c73e 1598572 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_riscv64.deb 47d4e7da9a65f2b9ea868a5946ca6c118406e94f3b89946a08175ff8ecd2ba4e 399880 libmongoc-1.0-0t64_1.30.4-1+deb13u2_riscv64.deb 36a07f008f328f38dd6058801d4b6f35a105aedc53334ae430ae811e8e5f2e0c 1041912 libmongoc-dev_1.30.4-1+deb13u2_riscv64.deb e765fbbf4da3d03176c095f474be0d8fb579144f27f00c15c377930fe13205df 10210 mongo-c-driver_1.30.4-1+deb13u2_riscv64-buildd.buildinfo Files: e68176a0f25fec7775945bf592a9c3fd 299644 debug optional libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_riscv64.deb 970c59dd49a23f9e77470156703a18e5 94524 libs optional libbson-1.0-0t64_1.30.4-1+deb13u2_riscv64.deb 3b3fbb49425fc38df44aeed828499326 314956 libdevel optional libbson-dev_1.30.4-1+deb13u2_riscv64.deb b1a4e5045e9e7f98f044d3e1256e2e7a 1598572 debug optional libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_riscv64.deb 4887bd4d45525fe4fbf318f5e496d93a 399880 libs optional libmongoc-1.0-0t64_1.30.4-1+deb13u2_riscv64.deb 727d486465d7f8f56a67b5881e08cc5c 1041912 libdevel optional libmongoc-dev_1.30.4-1+deb13u2_riscv64.deb 02836e061f8e9b34a0aa254cd2296e9f 10210 libs optional mongo-c-driver_1.30.4-1+deb13u2_riscv64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE/AxPdLOtOshqz3vw/Fc5EAGpa+sFAmn47qUACgkQ/Fc5EAGp a+s+LA//ZQDwi7H5ZTBHOBkqM+mrwd4s6eq7kaCRNZYZRyMnsTwaS418S3jCqqoP Egrvx+Oc8SuyK19SSf0mmfbOMVygDLj9Wv881Ev+k8cQDD0N6Z9xmyynknlSegaW Ro3rw4H+r02AKpvg4s7S9EH1ALZiTtVyzQ+M4uw8khdSNUQ9Sj3JIIDGIUFPEeoH EDNxctzfhAQWLXMSooRHYtcQ6X5ebar+OQozSbtai/9Fj6SlqZkaBFbMeyP6MxOD U3oif3DtN81pFnmemulzXSruSgxy/S3smD01UJlLckLHvJiKePLHsnAc6TElvJdb yXPPLT8/ILE2OWLnlBPp4d5lQqQv+e7MZjYBmavhYsVar/CnjdQc5XRZ5ePkutSm cLVFMcP7+FDmouLHJoC3sluE4w5g0I1lwT07vS71oR9x08vQqzsjozIp9VtBBYCE jXPJm4xvkjVchHn6v4nDVxBxYMOZwjDgBLidORBmXNRYnq7x3FS0zyUPrlqaxwNP taE2BoYcpEXYz0GjXlrxrsvSgBBMuUzAE90Z4TctsLBV7X9jAe3IicpZHUPRqKXE RQFPi48ZXDZH7SN82RYKsWFUzOmanY4SxXdcbFSl3KExp8/UcJDrLL9lK3GniZLB OHxrre/KteOvb6g1YmZsLlmPbciQhAcQFyhJCl3f1Af6Mw1C1wc= =IVSi -----END PGP SIGNATURE-----