-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2026 11:48:27 -0400
Source: mongo-c-driver
Architecture: source
Version: 1.30.4-1+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: Mongo C Driver Team
Changed-By: Roberto C. Sanchez
Changes:
 mongo-c-driver (1.30.4-1+deb13u2) trixie; urgency=medium
 .
   * Fix CVE-2026-6231: bson_validate may skip validation when processing
     certain inputs
   * Fix CVE-2026-4359: a compromised third party cloud server or
     man-in-the-middle attacker could send a malformed HTTP response and
     cause an application crash
   * Fix: improve handling of corrupt GridFS files (upstream ticket:
     https://jira.mongodb.org/browse/CDRIVER-6281)
   * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks
     appropriate validation allowing malformed GridFS metadata to overflow
     the bounding container
   * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string
     copying during username canonicalization, enabling a heap buffer
     overflow before any authentication or network traffic
Checksums-Sha1:
 5102d984f40f6cd7e20c345d277e1623eb9d99b9 2734 mongo-c-driver_1.30.4-1+deb13u2.dsc
 6d983caf14e3b9f99ce70a966a17b08fea3942f0 26972 mongo-c-driver_1.30.4-1+deb13u2.debian.tar.xz
 bc1fbe4ea435d92a6f6a1384cfe69bd556cc1fc4 10794 mongo-c-driver_1.30.4-1+deb13u2_amd64.buildinfo
Checksums-Sha256:
 76903fa51ddb1bcff33247c3904d12db6e4ce4eb47aca1468a9675574c1987a4 2734 mongo-c-driver_1.30.4-1+deb13u2.dsc
 d805072c2727a62efed355a149a654149f75ac08981ba3a8df2bf9842f109dde 26972 mongo-c-driver_1.30.4-1+deb13u2.debian.tar.xz
 b3d69e39a7a3ca35dd4a0d66d1d73fa820915f20b50a16e1d5e1372c37e12933 10794 mongo-c-driver_1.30.4-1+deb13u2_amd64.buildinfo
Files:
 8972a9955b74a874d2b94455df054bc0 2734 libs optional mongo-c-driver_1.30.4-1+deb13u2.dsc
 dbb206651a5b4f323a39fac4fa9eda9a 26972 libs optional mongo-c-driver_1.30.4-1+deb13u2.debian.tar.xz
 f93724158541952c54d94a78145dfd82 10794 libs optional mongo-c-driver_1.30.4-1+deb13u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----