-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: mipsel
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-osuosl-05)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a
       loop with an exit condition that cannot be reached may occur, i.e.
       an infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the
       function will try to free memory at a negative offset. This may
       result in memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when
       performing operations that could result in a final BSON document
       which exceeds the maximum allowable size (INT32_MAX), resulting in
       a segmentation fault and possible application crash.