-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: mips64el
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-05)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.