-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: amd64 Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 362b3a93842154cc40fbd9b134aa3acc99652f0f 223024 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_amd64.deb a5b35a3a22c50d643758dfb6ee2cbdf4c78b7afd 76920 libbson-1.0-0_1.23.1-1+deb12u3_amd64.deb fe489ed3022d556e1a59f9554d717ab4fc1adaf5 130604 libbson-dev_1.23.1-1+deb12u3_amd64.deb c802c775858392f81983788a0065f7cb6cad322b 1232904 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_amd64.deb adb678ce8b9f15bf8dfebde4e1b8a5e9bc21e30e 306708 libmongoc-1.0-0_1.23.1-1+deb12u3_amd64.deb 955e97d2f8b6d531deaee5d711043bf17b9e05b5 366320 libmongoc-dev_1.23.1-1+deb12u3_amd64.deb f8615ffe861ea0174787f5b9b2a50527a4d956f2 10353 mongo-c-driver_1.23.1-1+deb12u3_amd64-buildd.buildinfo Checksums-Sha256: af58a6a3be6f04fe78ae8ab2301d2671708d5a8d48265162c1fb6319ee6900ed 223024 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_amd64.deb 9b97d0468fdb7567a3cbbc6c29459a32e51f54d6e3f3f2ee7d119f3f8587cd36 76920 libbson-1.0-0_1.23.1-1+deb12u3_amd64.deb 6a35de95dc99961a9a224e52a0f1a83e3e61bd59cb270f517433398be7489ec5 130604 libbson-dev_1.23.1-1+deb12u3_amd64.deb 6a5b0da877f9052dfa0fee2a79ecd69173f6f14c50b4848567a9d64a37b92cbb 1232904 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_amd64.deb 8fcb7702f39b75eb2bb289065e324f00adeebfddd171d6e09f19f3d4f3988005 306708 libmongoc-1.0-0_1.23.1-1+deb12u3_amd64.deb 77cb60f610a09cd52165bcb4fcbecd5befe381c6e56f377756c708dc351baf24 366320 libmongoc-dev_1.23.1-1+deb12u3_amd64.deb 0d3bb9c3f022676c5f99b43fa4ac5498b2f48590c0c12b20b95f34a8982392bb 10353 mongo-c-driver_1.23.1-1+deb12u3_amd64-buildd.buildinfo Files: dcefec9723f7004c2d3f45653f1e5ad1 223024 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_amd64.deb edcb731542fe25552dece32a3a9bcaf8 76920 libs optional libbson-1.0-0_1.23.1-1+deb12u3_amd64.deb a03a8b6f44d88e306036de2cdf8f0b90 130604 libdevel optional libbson-dev_1.23.1-1+deb12u3_amd64.deb 61e1c8ea1f5c0ecaae14f1471e2e2429 1232904 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_amd64.deb 389f0f1ee7610e5de0b7852b1a5b1434 306708 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_amd64.deb 17945de78b9a929b8a74a3779d82423b 366320 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_amd64.deb 5adbc6df99eea1f5a5d13cfc3a15b608 10353 libs optional mongo-c-driver_1.23.1-1+deb12u3_amd64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmn409IACgkQN8Ugyu9d QiSccg/+LT4W5UQkJmPK7hVNVQEZgpUC+rROW2fjipJuFQ72CrKXIaEHz8nhHYDB /cjOICPUHGbSkvU4SYDftTMxcMtBEhKXPIvl/Dx7PUyRLBNhiTrKd8q4Mt9lch1M u8rDDrSdqU4v8qmtKpRcvctyuOTp3dKCzZvxhNAgApEshy3A2W5imZYkM8ScRkrV IBhuz8Sx95kb8t9OC27KLBA2CGqd5Zn2zuR1nDZzNuUVuy/ZvJ+pLZ4uDW9MO0g1 IDvYaZ63LKk4+zh0VC54pVO6czRKKOculhVwaBEgQRO4DRgogd6ZTd6gsvfYjXHv oBJsz7hpPoAIZy9VF+UN1sktmRjxPupwi1//zDG00IranDcylxaPhmj5jn8taOSo N74DSYhBsW4CtkpNXipxkQy1q7Pl2N59jRixRJsk1O9oi7PH1ET5Hej2csr85Akj NQqbjKvAMmmSWUvSD0PKrOnD6BBCl7tJSuDoIFj0OwULocZQHMvlhqLjMCGWIsrA Ckvwfs82+By8Tp/mfILcptNXH/kXvstjVqGPGkHpsTnakJNIv4bXpiYmt5tqGJcC jWm9DoND7PjCsCeVS5eQyibrLA+y42z3vb0Dzup9qrm9cKfPgOQXTkAFYsQaMWAj T/WUlj68HhdXqaN53mXHgAlZ6QjSBj0OXY7nQBBVCZLcOpZKbwo= =GbyJ -----END PGP SIGNATURE-----