Format: 1.8
Date: Sat, 03 May 2025 16:43:49 -0400
Source: libbson-xs-perl
Binary: libbson-xs-perl libbson-xs-perl-dbgsym
Architecture: ppc64el
Version: 0.8.4-2+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-conova-01)
Changed-By: Roberto C. Sánchez
Description:
 libbson-xs-perl - Perl XS implementation of MongoDB's BSON serialization
Changes:
 libbson-xs-perl (0.8.4-2+deb12u1) bookworm; urgency=medium
 .
   * Non-maintainer upload.
   * Fix security issues in embedded copy of libbson:
     + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c
       miscalculates a bson_utf8_validate length argument, which allows
       remote attackers to cause a denial of service (heap-based buffer
       over-read in the bson_utf8_validate function in bson-utf8.c), as
       demonstrated by bson-to-json.c.
     + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer
       over-read via a crafted bson buffer.
     + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
       with an exit condition that cannot be reached may occur, i.e. an
       infinite loop.
     + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
       library may be susceptible to an integer overflow where the function
       will try to free memory at a negative offset. This may result in
       memory corruption.
     + CVE-2024-6383: The bson_string_append function in MongoDB C Driver
       may be vulnerable to a buffer overflow where the function might
       attempt to allocate too small of buffer and may lead to memory
       corruption of neighbouring heap memory.
     + CVE-2025-0755: The various bson_append functions in the MongoDB C
       driver library may be susceptible to buffer overflow when performing
       operations that could result in a final BSON document which exceeds
       the maximum allowable size (INT32_MAX), resulting in a segmentation
       fault and possible application crash.