Format: 1.8
Date: Mon, 27 Apr 2026 11:48:27 -0400
Source: mongo-c-driver
Binary: libbson-1.0-0t64 libbson-1.0-0t64-dbgsym libbson-dev libmongoc-1.0-0t64 libmongoc-1.0-0t64-dbgsym libmongoc-dev
Architecture: amd64
Version: 1.30.4-1+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Roberto C. Sanchez
Description:
 libbson-1.0-0t64 - Library to parse and generate BSON documents - runtime files
 libbson-dev - Library to parse and generate BSON documents - dev files
 libmongoc-1.0-0t64 - MongoDB C client library - runtime files
 libmongoc-dev - MongoDB C client library - dev files
Changes:
 mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium
 .
   * Fix CVE-2026-6231: bson_validate may skip validation when processing
     certain inputs
   * Fix CVE-2026-4359: a compromised third party cloud server or
     man-in-the-middle attacker could send a malformed HTTP response and
     cause an application crash
   * Fix: improve handling of corrupt GridFS files (upstream ticket:
     https://jira.mongodb.org/browse/CDRIVER-6281)
   * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks
     appropriate validation allowing malformed GridFS metadata to overflow
     the bounding container
   * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string
     copying during username canonicalization, enabling a heap buffer
     overflow before any authentication or network traffic