-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2026 14:01:23 -0400
Source: mongo-c-driver
Architecture: source
Version: 1.23.1-1+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Mongo C Driver Team
Changed-By: Roberto C. Sanchez
Changes:
 mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium
 .
   * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs
   * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash
   * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281)
   * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container
   * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic
Checksums-Sha1:
 ebfc58a81f266c148e3187d9faf5565ca6689c60 2657 mongo-c-driver_1.23.1-1+deb12u3.dsc
 94fdb21500c10c29220ee9f41a6c32314fe09d3c 25928 mongo-c-driver_1.23.1-1+deb12u3.debian.tar.xz
 1c11ac8ae31399d2399002d8df970b8a818cb4f2 11007 mongo-c-driver_1.23.1-1+deb12u3_amd64.buildinfo
Checksums-Sha256:
 1d6567998107d205d457b20c2245997c0e8f363537be26d4cfb6380d2822e961 2657 mongo-c-driver_1.23.1-1+deb12u3.dsc
 31831493f3a773e88bbfbe0a6db50f655f034f0fd665e486173d828e6994731f 25928 mongo-c-driver_1.23.1-1+deb12u3.debian.tar.xz
 f6574dfd355a58a806d47d24e098ff9aa281a185782c6b752300f01d1ddcf7cf 11007 mongo-c-driver_1.23.1-1+deb12u3_amd64.buildinfo
Files:
 97c586c729954502cd04ac0b51db937a 2657 libs optional mongo-c-driver_1.23.1-1+deb12u3.dsc
 36f0ce1d5416521072351187d7538201 25928 libs optional mongo-c-driver_1.23.1-1+deb12u3.debian.tar.xz
 9c95b7c8d76a6172fe166cfe0cb0fe3c 11007 libs optional mongo-c-driver_1.23.1-1+deb12u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----