-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 11:48:27 -0400 Source: mongo-c-driver Binary: libbson-1.0-0t64 libbson-1.0-0t64-dbgsym libbson-dev libmongoc-1.0-0t64 libmongoc-1.0-0t64-dbgsym libmongoc-dev Architecture: ppc64el Version: 1.30.4-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-conova-02) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0t64 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0t64 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 3c54e07826478aab47360b70c4b69d228e7353b4 320584 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_ppc64el.deb b3af878def68e7c1fbcaa197680677a6f57b03fc 94732 libbson-1.0-0t64_1.30.4-1+deb13u2_ppc64el.deb 0e948277b5201c03750883a3082e6cd6312dea08 161532 libbson-dev_1.30.4-1+deb13u2_ppc64el.deb eebbe1d628ddf63414eaa410b95082369bbee84b 1689520 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_ppc64el.deb 1ac39e713c5cbb3246954cac8989f9ef8ebbd1eb 419948 libmongoc-1.0-0t64_1.30.4-1+deb13u2_ppc64el.deb 3926d920142a1225e25a6b52f646fe7c0ce11de4 527716 libmongoc-dev_1.30.4-1+deb13u2_ppc64el.deb 3ea29de02b1dfc0ec9f9c44041bb455fe1a84b14 10262 mongo-c-driver_1.30.4-1+deb13u2_ppc64el-buildd.buildinfo Checksums-Sha256: 69c5b9e401e3be6fe742ea0380cb33b828b4077f442529a89c9fa7c970a384d2 320584 libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_ppc64el.deb 5790759083657605f1bde56d9955397b95dda32fcfbc276168842b49096e64cd 94732 libbson-1.0-0t64_1.30.4-1+deb13u2_ppc64el.deb f8dbae7d46318f5bc83a3d9596371ef42b0acbdbe9856bd3f69239019ff5aa21 161532 libbson-dev_1.30.4-1+deb13u2_ppc64el.deb 5e090e8380bdda286a7b02e57549e63ea9ebef27a5450118cf61cbabcafc828c 1689520 libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_ppc64el.deb 816bae7f811ba972743fa0465a8e9102a46df0b8b8609d75babe64e1022d8239 419948 libmongoc-1.0-0t64_1.30.4-1+deb13u2_ppc64el.deb b9ef153e056dcd9b6adee72c3b6b3eb6cf9a5858ea159b537361ec4a3f29a5ea 527716 libmongoc-dev_1.30.4-1+deb13u2_ppc64el.deb 13d087d37a4b804597d07b6d94658e76d960a90f37264a8c41949c9de90bbdf7 10262 mongo-c-driver_1.30.4-1+deb13u2_ppc64el-buildd.buildinfo Files: 34f4df53f60a8c027952865bc0fb5a9b 320584 debug optional libbson-1.0-0t64-dbgsym_1.30.4-1+deb13u2_ppc64el.deb 598219b1d664ed2a17d3f298b2763c29 94732 libs optional libbson-1.0-0t64_1.30.4-1+deb13u2_ppc64el.deb b526a31019b194d6c7504a083591aa60 161532 libdevel optional libbson-dev_1.30.4-1+deb13u2_ppc64el.deb dbd84137cfcd8d2c8d6b156eb2f991c0 1689520 debug optional libmongoc-1.0-0t64-dbgsym_1.30.4-1+deb13u2_ppc64el.deb 290530dac14f15437dd27fdcaec2f8ab 419948 libs optional libmongoc-1.0-0t64_1.30.4-1+deb13u2_ppc64el.deb 51718f17d77cecc2e12fee791deb7ded 527716 libdevel optional libmongoc-dev_1.30.4-1+deb13u2_ppc64el.deb c3ddf2facf64417b9d095123c8eb1391 10262 libs optional mongo-c-driver_1.30.4-1+deb13u2_ppc64el-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEySUEQfg5pZeb/U372FRWNm40e2YFAmn41HgACgkQ2FRWNm40 e2bTDhAAtp1QlE3FmIxzHKo66vOax0C+wjkDyIG+zGLqzi2SAXSTmsF9ml+//e6d xVzzla1R7kmldlAbbCsTJ32D1EkYufRfU857PsR9vTvJGSA+e+PeQx1C+uHgPz0h lISTGMAGAklOYHXFkNSgvYZxl0C6MNKiXIci3WtCoaCs7aiireC6sfvToufMxOdF mPogz4hYzlhRMSsln7n0Nyp/FDp5OzPFaEubhGy329Oa66z8m8X3nY/dg9ebnSkc wZrhuvE+AKKUKJbwrGc4gQChqFu4d+wRGYzv5D9EmCsB5E/RzvdOf8sZOJ3evehB pjlO1v4XI9cx2JPIbuPmQFdROL+tDH2OXTbgkooqEbJRysZGkz8zkLFBFO4NCYlX ObKnTNfLBUgvsaGNsWtl0sRcTWvcXGezilM8Xn2iXHBVnHAuQTQR7LH32iCInwz+ B3cbjlRZ9Vh2qfQCFq1S8mp9svWZ1XgCv/A6mPIZN6SYrQNMNNh2pQhVjFQ2DB6Z NeWwkHMISy4RkkhIEaaqajscUpsUHh4YkDu4KuO0fmxeLuNcr/+ag9LsmdcDp6De PnFb6yzets7nKBHUVNhdEKSpnx1+beyhXXUly1VRVpcb43igL+F1U4ag9Cu9P342 PUsNv/t7OB/UU0wIwLho8CkCv6DW7LCVDVweBlEXt0PYPh1Y8G0= =VYyW -----END PGP SIGNATURE-----