[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3832-1] pymongo security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3832-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
June 17, 2024                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : pymongo
Version        : 3.7.1-1.1+deb10u1
CVE ID         : CVE-2024-5629

An out-of-bounds read in the 'bson' module allowed deserialization of
malformed BSON provided by a Server to raise an exception which may contain
arbitrary application memory.

For Debian 10 buster, this problem has been fixed in version
3.7.1-1.1+deb10u1.

We recommend that you upgrade your pymongo packages.

For the detailed security status of pymongo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pymongo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmZwIYsRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+DpBAAghm8McmZjTlWyOKExpE8u0tGdyvkctO1
952YPy/RxqQWfYNcutJ0Nsimqj/8AbUJy6/E4t5tD+tLSU5+7PGxbBBtgsyGaG7a
UVVlhAtuLm4qquONmZbW4bUR8vO4PFTOnWcCyBLmqigsiHoOZotQUm2EqbWgLHxo
63raFYaox3q/ZRl5UrTrtAGpP3iYBLKLPEZeS+Ay8e8Ug+IfqrNuakT9DFAOGTiJ
cPjTrCmOnJ16+2dn4E/zhAMq4jBMcCLvT9042gKot7Hi5lmuyWdYNwATKlkau1y7
ghP5FxAMnxwJyTBi9zqPPBfyE+F8JdYHrbAlEwzDuLB75Gc7tjWfzQ0l29nn9hfa
kiBky/uo39YZ3FC7hTA8mqK14gtjDB0JVD4I7+jEsOxX6+uJsadxamvHiZNkaxA/
oVyZ8Z06SS7JGU1uEKdj9bCqH/cz5FAADA5a705RuXgujP0jkczs86HAxCDJnSNX
KQ2xQXJyiRiKikMadm1PUsjEx4eM73rBrIVlSvwam+LQi1SYWTgQ2NkwHRFF3pAx
wMZdMFANhqszol7A7rebrQFivlL0m9ZNxw4EApM+uopw6AIEUEhGk2HPtX5wST+w
bKHsOM2kXkB2iKa6V8LAfIANxY8+g+nbm5aFu+FgvCo9gL7VQx01NzOtRVIr3ML1
gK3/YoOlZds=
=Ip7j
-----END PGP SIGNATURE-----


Reply to: