Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: amd64
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.