-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 11:48:27 -0400 Source: mongo-c-driver Binary: libbson-1.0-0t64 libbson-1.0-0t64-dbgsym libbson-dev libmongoc-1.0-0t64 libmongoc-1.0-0t64-dbgsym libmongoc-dev Architecture: armel Version: 1.30.4-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: armel Build Daemon (arm-conova-04) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0t64 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0t64 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 3f0fe3b8b21f1ccba7ab690591bb9c0bfd52f940 300360 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armel.deb 59bfc19c1bb6680dddc7be99fddbb3bf4f0bab5b 80652 libbson-1.0-0t64_1.30.4-1+deb13u2_armel.deb d989a29bd15a1162fcc68afc026c7aa39106f38d 142396 libbson-dev_1.30.4-1+deb13u2_armel.deb b5e069ef850797e01263af3ea14869ce67fc695c 1582580 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armel.deb 4d6204b8de28e5ac286fe1c8d7a4e02b35a06823 344884 libmongoc-1.0-0t64_1.30.4-1+deb13u2_armel.deb b53a347cece75dfb65158e3c72580c8204b74594 436548 libmongoc-dev_1.30.4-1+deb13u2_armel.deb 029b73615cf06a244d7b49cc07d7e2468b7c70e5 10091 mongo-c-driver_1.30.4-1+deb13u2_armel-buildd.buildinfo Checksums-Sha256: 2b12a6a87a791cb102a57985e8aa10ce85a37acebb597ba878e25e346b2756fd 300360 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armel.deb 8f062e4a6150a1a2ac35a41ab646a580d9d75ad55ea08a583d8f092880bbc7cb 80652 libbson-1.0-0t64_1.30.4-1+deb13u2_armel.deb 4d8fb7fe03aedde2a9515630abd8adf3bbdabf3068859a0dd3e6435d2419a456 142396 libbson-dev_1.30.4-1+deb13u2_armel.deb fd36e9ff1983c0a37dc94d1cd49ab145f5c6a28d83df5ae73d7cf00ff0324692 1582580 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armel.deb b36d30ad0d2203237b411a7e8f4facdb4c828095b8dcefcae9b01b970ee5a92b 344884 libmongoc-1.0-0t64_1.30.4-1+deb13u2_armel.deb 7606c820022714ab319ddb3171a1dd9cdb4b33875d36e1120a077b8c4186fab0 436548 libmongoc-dev_1.30.4-1+deb13u2_armel.deb b794cc4888694dddf10aba91254a2180560067465db757821e773a767084d152 10091 mongo-c-driver_1.30.4-1+deb13u2_armel-buildd.buildinfo Files: 089d9ea5ce9b1278e4982f5d58ebd35e 300360 debug optional libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armel.deb cd49dc0166177cc7d49f9a2bc007856a 80652 libs optional libbson-1.0-0t64_1.30.4-1+deb13u2_armel.deb d1c938f21dec71373dc12b1e1388e4da 142396 libdevel optional libbson-dev_1.30.4-1+deb13u2_armel.deb d8ea395779bef82ab10a0bc39d38dab6 1582580 debug optional libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_armel.deb 0fb45a12481d8c45999ea419a9764ee9 344884 libs optional libmongoc-1.0-0t64_1.30.4-1+deb13u2_armel.deb 35e65c4e777f65793954f09ef7acd289 436548 libdevel optional libmongoc-dev_1.30.4-1+deb13u2_armel.deb f46cb7a12405aef454dc05641e78702d 10091 libs optional mongo-c-driver_1.30.4-1+deb13u2_armel-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmn41LUACgkQScpU3dYu lLjstw//VkDmZ+c8PdaHnlLxAiPBz9dG/u4E/DmMTnN+L1do8GYMMuM3FC0e03d/ MQHlz2ffNIRAg0ilbH2HMKRLkhtexqOKt7RzfsoyGLjO3aCD6ACPkS4h/OMvvPSN RzsY3nkO8defOVWBJNKTI232dhSWs8Jb62kBy51t5iVGS2sXBd/sAhYvzGTtnVMh sWvxmWB3nz993pC0fdERYC7bXlkz+jXix98M80GwWJgRySQR2R2DZAEJ7D8/cidp 4czoguwVuw6TififCuSNtl24/oB5z5M3Omer44vDQrOISTKsgxBILc0UtUHgM125 mmNjTN3q6PG2/rDd5izAMFfU6b8XxYZ0x9lVqiDADY+wAM5ZEHkvC387DBg43oSq pTsWce/LeKJz/F3o1OU7gtvZcAYppy0jfG1cFBacfAyk92Tu2n2u5NJ7qLdDZsLG PJ/1dMFBWhQZmUe85a4DDuM7/X3j3Kq94MJosFY0xDqndnd6YJhHeRw4J2mYUfpM vZgrHZIn7mmSUELSuYkYXDmW+A+IsLoVMRGVE7+7h0+JI/1dn1Lhg8w8B5m6B+4T i5b3sR3FL0p/ImkZHBZmrttysAZiGkNc1OBumrUm8e1mT0XrQrtauzdBFsKLMFhG PzBmplWXLmR1I2EhHhYs2TeX/Un3KWSIIWw1czwczoVTRhIk0x4= =Z8VS -----END PGP SIGNATURE-----