1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted mongo-c-driver 1.23.1-1+deb12u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sat Apr 26 20:40:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Fri, 18 Apr 2025 16:28:00 -0400
    Source: mongo-c-driver
    Architecture: source
    Version: 1.23.1-1+deb12u1
    Distribution: bookworm
    Urgency: medium
    Maintainer: Mongo C Driver Team <mongo-c-driver-debian@googlegroups.com> Changed-By: Roberto C. Sanchez <roberto@connexer.com>
    Changes:
    mongo-c-driver (1.23.1-1+deb12u1) bookworm; urgency=medium
    .
    * Fix CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
    with an exit condition that cannot be reached may occur, i.e. an infinite
    loop.
    * Fix CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
    library may be susceptible to an integer overflow where the function will
    try to free memory at a negative offset. This may result in memory
    corruption.
    * Fix CVE-2024-6383: The bson_string_append function in MongoDB C Driver may
    be vulnerable to a buffer overflow where the function might attempt to
    allocate too small of buffer and may lead to memory corruption of
    neighbouring heap memory.
    * Fix CVE-2025-0755: The various bson_append functions in the MongoDB C
    driver library may be susceptible to buffer overflow when performing
    operations that could result in a final BSON document which exceeds the
    maximum allowable size (INT32_MAX), resulting in a segmentation fault and
    possible application crash.
    Checksums-Sha1:
    aa7cf368f5bb14e1223ff8a4d4ae930b7a9cdbc0 2657 mongo-c-driver_1.23.1-1+deb12u1.dsc
    5756553c05361a0a2379534a6650ba1102006335 14348 mongo-c-driver_1.23.1-1+deb12u1.debian.tar.xz
    3e8e95c45ab3017c0ddd870f1cc4a25e1bbe5f95 10805 mongo-c-driver_1.23.1-1+deb12u1_amd64.buildinfo
    Checksums-Sha256:
    81a06ab34281cf44d12e8b1c96da606620946811695976f0323a96fec08b1a26 2657 mongo-c-driver_1.23.1-1+deb12u1.dsc
    f4cec57163d7365b165fecaaf8362f39d3ef783645d7c113e9807304b0d96026 14348 mongo-c-driver_1.23.1-1+deb12u1.debian.tar.xz
    80fa2f7d59be9fa0e3e0d2545a38b279a6a1af076867764e3fafd7c8f7860dba 10805 mongo-c-driver_1.23.1-1+deb12u1_amd64.buildinfo
    Files:
    55e027051ae5bc403c85d8ce82d8874e 2657 libs optional mongo-c-driver_1.23.1-1+deb12u1.dsc
    86f4d604e63672f588f91e2d65fafa7b 14348 libs optional mongo-c-driver_1.23.1-1+deb12u1.debian.tar.xz
    08cdab4a0e0b5656821f9b8926dc4213 10805 libs optional mongo-c-driver_1.23.1-1+deb12u1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAmgCwE8ACgkQldFmTdL1 kUIsXRAAm6TxoDPOJ8IoO0mGTBpEv5a3e9kM/GjMa3sLgVV0H+c0hcr1ty6itv6f EXLcKi8vF0t2iwq+329M5VjV/xKDPewHe+z2xm/8ggsOk4oitLj10QqfWSDXofJo DPTo5FczJ0iOeFaMAANylc5ZaD5c90GIY54qhH5yAB1jE9gD9FKwg5HIUKXmVJtK WwTT95eo+lKxX28mw+TgQMqfCKGDe9tL2J1a2hmFDRTKlEF/6HRmBtck+HOG0qsl dGwfny47rv9qzdsYErh8LTwhWeZ4Qa/Q0JcJ2B3BlKt6fAYIWHA2YypbSGK/9Ssl ObA/YQwQyGzG7VbhlIiNTjfN10RRKfrNRAjLto5QFNst0McDefLAmWZZVyYZqmlU 9hXcfWd9gGn10gXUAx7nQ5N0DbHgqJMrwsyEh994Ue/TchJHTT9QJ1e86IEVjmMm hlUoZ6xI9FSXlUKHKegFO4okhJ+9NfXQU0S7/cPH9iZ63zVTBKg0QBLQopLMWzXQ 40FSiK4evJrkDgOf5VYi4JCrriLpyzHQrDgndLCXlG2Kq89vOHHmXQBF+ItZ2hfX u6aEeA4L5IEEyMvxnD1Jcsg1ClNR5DCZvkb2gw0tpy58rhvRKjA0YF4mZHlAsPdS 7yBhgVeGDctIEVJ4dB3mGRoghpsn1WXpLxSFDws7s1ccRNA0Mac=
    =G10b
    -----END PGP SIGNATURE-----


    --==============456864283568981571=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaA0m4wAKCRCb9qggYcy5 IfwIAPwNfq75JSbSRSWRInl7bV0D05pzNacuh1YXxZGK99iTmwEA4+rRm+7wtR1a JzN4kmdO7a7nXap8z9ngULfbdO/S2AQ=kobB
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)