-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 11:48:27 -0400 Source: mongo-c-driver Binary: libbson-1.0-0t64 libbson-1.0-0t64-dbgsym libbson-dev libmongoc-1.0-0t64 libmongoc-1.0-0t64-dbgsym libmongoc-dev Architecture: s390x Version: 1.30.4-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: s390x Build Daemon (ziehrer) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0t64 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0t64 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: c19d5ab062b45ea83e630e5114c2225b0b873bde 324772 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_s390x.deb 0e4ddf27443b9ca5c382d3d34c6dd412c6c24cc8 89584 libbson-1.0-0t64_1.30.4-1+deb13u2_s390x.deb 8f5024a0525f2c976da7d542c90e69d3326418a0 153016 libbson-dev_1.30.4-1+deb13u2_s390x.deb ddcb26686c07525a32837d9ed34a6e72c3835eda 1684348 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_s390x.deb f7a1171758f4911934bd4456bf1668cff4960915 368280 libmongoc-1.0-0t64_1.30.4-1+deb13u2_s390x.deb a8385ac59ed14de3a26c057f99490294d0fa8328 452948 libmongoc-dev_1.30.4-1+deb13u2_s390x.deb 4450185963cd55397c3047179197c3290ce5130b 10101 mongo-c-driver_1.30.4-1+deb13u2_s390x-buildd.buildinfo Checksums-Sha256: e5e44f0e6fee7e7f838a0bfddff254b8af48410a82de8d6b8b040e457c4cdc36 324772 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_s390x.deb a1175454884aaf11fe74ebd9deb04596a9eac6344813d125564639c1a86675f1 89584 libbson-1.0-0t64_1.30.4-1+deb13u2_s390x.deb 83fdb8a85d826a87516faeb06d3bbd7484d2932b36172673637dafd3327c1c7b 153016 libbson-dev_1.30.4-1+deb13u2_s390x.deb b3c53b1d1ae105a65e312fb5f73e31a62c730153b7e18a28b3a5e945b125a93f 1684348 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_s390x.deb 88dbb6462cddb93797ea63c1aec9fb37c7bd3124de939e2e36b5ef762ff38008 368280 libmongoc-1.0-0t64_1.30.4-1+deb13u2_s390x.deb 0bff72d2f8d60087282456a6e73d69d391ba0ac21986d439f9fd906ac48461c0 452948 libmongoc-dev_1.30.4-1+deb13u2_s390x.deb 90c5b7a34b6d06cbd8073c0e09765f8c63b412860e56440803b39cdaed645f5e 10101 mongo-c-driver_1.30.4-1+deb13u2_s390x-buildd.buildinfo Files: 68377d5d2eab5feaac201adfac6561be 324772 debug optional libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_s390x.deb 046ce0bcb60e9b2b64e288f20bb59311 89584 libs optional libbson-1.0-0t64_1.30.4-1+deb13u2_s390x.deb 3cc4196bf7fa7bd069dbf581812c6e3d 153016 libdevel optional libbson-dev_1.30.4-1+deb13u2_s390x.deb a1f0590dc68fc3b469923888f0c308f4 1684348 debug optional libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_s390x.deb 34303946e836509d682f44225ae9268b 368280 libs optional libmongoc-1.0-0t64_1.30.4-1+deb13u2_s390x.deb 7e0c184db9e6f4fc3432c05e4e84a66d 452948 libdevel optional libmongoc-dev_1.30.4-1+deb13u2_s390x.deb 093c08d6873c1129f23415a2e0445c7d 10101 libs optional mongo-c-driver_1.30.4-1+deb13u2_s390x-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEl0BM/nR+Oj597wRWMWUFebkHnoQFAmn41K4ACgkQMWUFebkH noTirQ//doLOhBq0dkt8FKzcZmEGOBPL5YP9xycgi5/+ffvd3CZk+OxW5nfUapKy 3/loHDBUYhw49oJtvhlMLCUpy8RLVRY7bKBuTkLz5N/80CcqpDDAEfakGBkbKuOJ SCUDxd2raxa5UwH8GD9uC+i+XX6h+0ZHSlPOYumB6rRZvXAHvyCUeuw4e4jBPsoL Ct5LuSCITtFXRosrLgqh5bscVQbYBkWPDKPkOZoyigtznICPGiv+H5tzPZcMVO6J JIAiWS6kFJHSF8h7C93rYr1P9YQBygEeilXmsiGWtMVs08dWCJ/JNNwj/e6porVc S2Hrgom/CDblGBvnxB10CDlRqn3lKiZr9piXov52urx+u9aeMmCZiezoYki11psA X+GkN3H3QfJbvZavyVEhk7Rrn6obtgPTEyMU+PvXWZtIUYJxISRn5EZJjHQqpJXD jmn6V2SXh2RGsitVF6NPiNQflI3SMgUWby5RkESesaxJGPB8Y2XAbSFAyWstA9eB giRD32Ldp8ioY15AgawP56AWVM8mhF7+d2mcSix+TYaBW75Ti8FuEWtqoR+oEFiQ O5tN57aZ0OOnWmB46b/GnTsArg6hM7Hdu3w+04I2Uh2jGY26yQseHIp00rb48OV/ vyr4YC0lMmyloMwzm3nyBOBerfY1k3vTFQ8+p9yLfhjcrXC19Wc= =cVFa -----END PGP SIGNATURE-----