Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: i386
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.