Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: arm64
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-04)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.