-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Apr 2026 14:01:23 -0400 Source: mongo-c-driver Binary: libbson-doc libmongoc-doc Architecture: all Version: 1.23.1-1+deb12u3 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Roberto C. Sanchez Description: libbson-doc - Library to parse and generate BSON documents - documentation libmongoc-doc - MongoDB C client library - documentation Changes: mongo-c-driver (1.23.1-1+deb12u3) bookworm; urgency=medium . * Fix CVE-2026-6231: bson_validate may skip validation when processing certain inputs * Fix CVE-2026-4359: a compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause an application crash * Fix: improve handling of corrupt GridFS files (upstream ticket: https://jira.mongodb.org/browse/CDRIVER-6281) * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic Checksums-Sha1: 3f314e085c7a6b766ed4b7ae48b695f70cece388 443764 libbson-doc_1.23.1-1+deb12u3_all.deb f4a7a240145d21ac984be4aa8f6681c8d7001316 1241776 libmongoc-doc_1.23.1-1+deb12u3_all.deb 288a6254f0fc828392feb563600f8fd376a7533f 9070 mongo-c-driver_1.23.1-1+deb12u3_all-buildd.buildinfo Checksums-Sha256: 07e94950461b3c6717db1e116498a6668aab58a2cbaff45ca7d799b3bf47e5bb 443764 libbson-doc_1.23.1-1+deb12u3_all.deb dc83102aacd0aab6baa51fa1e186695634df9af240888bec5290f97f7f0414ba 1241776 libmongoc-doc_1.23.1-1+deb12u3_all.deb 156ae6a26bc3b04600bbab26fa652a976a3a1d6a85494f84230ea0042f87df50 9070 mongo-c-driver_1.23.1-1+deb12u3_all-buildd.buildinfo Files: 4c519efea99d22c7429512bd20c7691d 443764 doc optional libbson-doc_1.23.1-1+deb12u3_all.deb f98e7e1164adbff8c46bf50eaef09c23 1241776 doc optional libmongoc-doc_1.23.1-1+deb12u3_all.deb b633adc32c8d7e6d6bdffcd6d455466b 9070 libs optional mongo-c-driver_1.23.1-1+deb12u3_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+i/sCsF3puL4e7qIGNGWmfrqILEFAmn41B8ACgkQGNGWmfrq ILHF7BAAsCbJ1jA8SvWWIEdPesfjLwYP1X1CKfr5eNwpjHUPvzRYiWAS40zaVcDY sytsfgNm5LpXpRj/UZpwJwQc0XYCNNHdRH6U2Zso8iZb5fHVhBOsCVuhLbmG01ez oTcoCHQXfHaRGDb7ncvXLragxvdiUek8ZkdrlLyJQyygpauZvfgeKU8ubarCleDo O2P+Sv15Z3To5OAjqWQGtjD/2bvHRPgHNOrGzUJxn6BNVfiyu9/eAoitsY5eessJ 2uqXaBa/j6p8EBYTANGLGBwE3N20YR+DoPk9/8kSDdDo1OG5XsW9goul0un1AY0c FXALrrrSveb1G2FaTHBlNa7BzQS5D6RCaityagWU0ll6geuaQKMqMnb5FLSlC/Ua BZ8LMv3CmLp2NoduH87vUDijFcpYhimVg7M8scCmOJKuN9Xssxh+xBli9dU+u0k4 YDXsaFsXbmaIotCmL+7Ec8KIXUifefiwnqQocUCEJhnFPh7yjgSGcJD9WmlfVWyX gBzmdKgyaUMPU+84vkz2Bo2fXw+mdhtrHNjQZWFxsDvJPKberBPATbL2my5PyWD+ iiRJwFY0WVWxK/fIC5t20Ty34gJllmyWp97LnSNzSgeMz5xwblph2PTuwn6IWMez LY/gUAKU4sJJFZ7oMcXbtfe0qjUtMN38m5+zhdvq2LoPdXVPSq4= =DbVu -----END PGP SIGNATURE-----