Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: s390x
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.