-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Architecture: source
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Perl Group
Changed-By: Roberto C. Sánchez
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.