-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-1.0-0 libbson-1.0-0-dbgsym libbson-dev libmongoc-1.0-0 libmongoc-1.0-0-dbgsym libmongoc-dev Architecture: arm64 Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: arm64 Build Daemon (arm-conova-04) Changed-By: Roberto C. Sanchez Description: libbson-1.0-0 - Library to parse and generate BSON documents - runtime files libbson-dev - Library to parse and generate BSON documents - dev files libmongoc-1.0-0 - MongoDB C client library - runtime files libmongoc-dev - MongoDB C client library - dev files Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: df7f2f4933d05cf04fdba02d6ea78e115ce533b2 230904 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_arm64.deb 59492c7dbee2081e98f8390cffff854e8b4ff978 72756 libbson-1.0-0_1.23.1-1+deb12u3_arm64.deb 2a5c384388cdc5c9642d2a7b703d414cda3a99ee 130132 libbson-dev_1.23.1-1+deb12u3_arm64.deb eb027982f60fe587b1242ed00ea5e2e3be5ea101 1231976 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_arm64.deb 1640dae8624869b212222c4cd9e637a7f39c0e0b 278832 libmongoc-1.0-0_1.23.1-1+deb12u3_arm64.deb 3abac1c50b6c94b8e2bc0cbf6ea70b2d4e016f6b 366336 libmongoc-dev_1.23.1-1+deb12u3_arm64.deb b6bf2e5b96eb90fda636da8d2b87e42c7dd574b9 10368 mongo-c-driver_1.23.1-1+deb12u3_arm64-buildd.buildinfo Checksums-Sha256: 5b3ea30b8adfbc4b98c7b9cdb19b750b26929a01d4981afed36ba4c9869dc772 230904 libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_arm64.deb fd97d8a4ac3190bc8f9686a48b63721bf800fca148c4ae040eaccc8e1392aa2c 72756 libbson-1.0-0_1.23.1-1+deb12u3_arm64.deb 9ab373508a8af87f14418d7e0e0f5d18e8409f88f181f164d823468c6b989fe3 130132 libbson-dev_1.23.1-1+deb12u3_arm64.deb b69feb67e6aeba3f32ea44ae4d591e9d42b0688c166540175fe46ecd3e0a2fb8 1231976 libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_arm64.deb 6a52440dfb4987c4ac35a597d8dd1d93908e81ecf4256b52ab05e3adccc4f9d0 278832 libmongoc-1.0-0_1.23.1-1+deb12u3_arm64.deb 90b5151f782f47569774ea4aa1e1d55a781abb2df4bf9f4b2a064c44ab0ccf90 366336 libmongoc-dev_1.23.1-1+deb12u3_arm64.deb 3f8e6d270e55c64699b6ef358874b978acdd0cfc7911f2d653f6d4904a5c5137 10368 mongo-c-driver_1.23.1-1+deb12u3_arm64-buildd.buildinfo Files: 6d0e8e6a159937e956eba52c353f505b 230904 debug optional libbson-1.0-0-dbgsym_1.23.1-1+deb12u3_arm64.deb f1a05dcb8c746bdca9b6a645cfaef476 72756 libs optional libbson-1.0-0_1.23.1-1+deb12u3_arm64.deb 71865b4bd679ddeaeaf0a4bb0407c2f6 130132 libdevel optional libbson-dev_1.23.1-1+deb12u3_arm64.deb 0574d1b5c36a0d437b742f0ec9b79b01 1231976 debug optional libmongoc-1.0-0-dbgsym_1.23.1-1+deb12u3_arm64.deb 4eeb80faa17bc30c94794f5e5a2f37e3 278832 libs optional libmongoc-1.0-0_1.23.1-1+deb12u3_arm64.deb fb30a09eed4c83d4bb2a09aa8595ace4 366336 libdevel optional libmongoc-dev_1.23.1-1+deb12u3_arm64.deb bc48c80f9d43ddc1dc74f79c238fabd4 10368 libs optional mongo-c-driver_1.23.1-1+deb12u3_arm64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYxmcRLDHP0tCCM0oScpU3dYulLgFAmn4088ACgkQScpU3dYu lLjKrA/9HcUguBk7TKEG+bIGsq2wsGn5Ym6WVofudfrcXRV91KWiBoMQTxW1UlBT fvQInD1izfTQh6ZKlIu1sXdQiG9ocnp/eBD2LigWsdF2OY4N4EgL5WcXnlB0aaTt obsZVmuiLXWyWMw/uzbAQvfWwfcDsASmD1tM9APynqw+8Hgig4wjWdYgzBhR4m+o L5mLI5NgdVh1I1SaMMtI/ZRr92qEmiLTHGg5TnX9e5X5yR1VPC9gFNGTujemTdDx HhiU4KuU/Q5Ms8/SyB1S0LkM0Mx7uBD6r50yO2VYAAwEEIBLQC3/0afQb1f8xof/ 1wNQCT++k16Nz1Dw89P3cYfXB+30A0q5Ld14pFcQNpWb1Hp/C7Dj/YinYYhmz0Xy 21ng26k6Waal5/aZ83+m6NGKap9FUtw51LBSab6wKlCOErkhJdTfMlJ1tKUVpqdy gppWbU3rROaE5j/yyGAIQUisVGSvv/vEL5nR94QMfQ59oOmE+KdldIEF6yu13hNd NC2N/AZpZYshrt/Qzu/l4tH93KOLZ6kfyksc3ifGSa0aixZTLUNJ1tcl+lVg2pjT /qErqvqH9PQtDyssaSqrjmbGmWNqjmiZlJSBnVL11g8/13fW7TdQ0hKegtlRxQTU +8w4Cmmkn4o/TEBDU1mgks0T4q/avp26UZkv7W+MPzdCxKy2mZw= =qDp7 -----END PGP SIGNATURE-----