Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: armel
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-01)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.