• Accepted libbson-xs-perl 0.8.4-2+deb12u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Thu May 8 22:40:01 2025

    Format: 1.8
    Date: Sat, 03 May 2025 16:43:49 -0400
    Source: libbson-xs-perl
    Architecture: source
    Version: 0.8.4-2+deb12u1
    Distribution: bookworm
    Urgency: medium
    Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
    Changed-By: Roberto C. Sánchez <roberto@debian.org>
    Changes:
     libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
     .
       * Non-maintainer upload.
       * Fix security issues in embedded copy of libbson:
         + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
           miscalculates a bson_utf8_validate length argument, which allows remote
           attackers to cause a denial of service (heap-based buffer over-read in the
           bson_utf8_validate function in bson-utf8.c), as demonstrated by
           bson-to-json.c.
         + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer over-read
           via a crafted bson buffer.
         + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
           with an exit condition that cannot be reached may occur, i.e. an infinite
           loop.
         + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
           library may be susceptible to an integer overflow where the function will
           try to free memory at a negative offset. This may result in memory
           corruption.
         + CVE-2024-6383: The bson_string_append function in MongoDB C Driver may
           be vulnerable to a buffer overflow where the function might attempt to
           allocate too small of buffer and may lead to memory corruption of
           neighbouring heap memory.
         + CVE-2025-0755: The various bson_append functions in the MongoDB C
           driver library may be susceptible to buffer overflow when performing
           operations that could result in a final BSON document which exceeds the
           maximum allowable size (INT32_MAX), resulting in a segmentation fault and
           possible application crash.
