-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: armhf
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.
Checksums-Sha1:
 54f2a8b17f33b7c7fae656ce86f660a59ca10a00 191624 libbson-xs-perl-dbgsym_0.8.4-2+deb12u1_armhf.deb
 4ebb9ced46b1a26f4d3165b70b03cbff977ea3de 7227 libbson-xs-perl_0.8.4-2+deb12u1_armhf-buildd.buildinfo
 7d67371311a7a4e633b518461d5bdd8adb43e12a 60840 libbson-xs-perl_0.8.4-2+deb12u1_armhf.deb
Checksums-Sha256:
 9e6c9e780493ffde31db8f88c7861af61863e5174005178e6ce5265a0b09ea36 191624 libbson-xs-perl-dbgsym_0.8.4-2+deb12u1_armhf.deb
 0d4c19efc17eeee3ca50f4715b987a4456cb6f4b667ff4ac5c93834dc89f2bbd 7227 libbson-xs-perl_0.8.4-2+deb12u1_armhf-buildd.buildinfo
 abd07acc9efae1c4bb98dbd5fa321f763a5c64ae376654d20d94ec7a5b46351b 60840 libbson-xs-perl_0.8.4-2+deb12u1_armhf.deb
Files:
 8246b1f1423f2f9820b2f1cf55a42c6b 191624 debug optional libbson-xs-perl-dbgsym_0.8.4-2+deb12u1_armhf.deb
 6ac5cfa9fc332c13f6207ba06e75d6de 7227 perl optional libbson-xs-perl_0.8.4-2+deb12u1_armhf-buildd.buildinfo
 c237870bbfbc52e0b6189138912927d2 60840 perl optional libbson-xs-perl_0.8.4-2+deb12u1_armhf.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----