-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 May 2025 18:14:32 -0400
Source: mongo-c-driver
Architecture: source
Version: 1.17.6-1+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Mongo C Driver Team <mongo-c-driver-debian@googlegroups.com>
Changed-By: Roberto C. Sanchez <roberto@connexer.com>
Changes:
 mongo-c-driver (1.17.6-1+deb11u1) bullseye-security; urgency=medium
 .
   * Fix CVE-2021-32050: Some MongoDB Drivers may erroneously publish events
     containing authentication-related data to a command listener configured
     by an application. The published events may contain security-sensitive
     data when specific authentication-related commands are executed. Without
     due care, an application may inadvertently expose this sensitive
     information, e.g., by writing it to a log file. This issue only arises
     if an application enables the command listener feature (this is not
     enabled by default).
   * Fix CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop
     with an exit condition that cannot be reached may occur, i.e. an
     infinite loop.
   * Fix CVE-2024-6381: The bson_strfreev function in the MongoDB C driver
     library may be susceptible to an integer overflow where the function
     will try to free memory at a negative offset. This may result in memory
     corruption.
   * Fix CVE-2024-6383: The bson_string_append function in MongoDB C Driver
     may be vulnerable to a buffer overflow where the function might attempt
     to allocate too small of buffer and may lead to memory corruption of
     neighbouring heap memory.
   * Fix CVE-2025-0755: The various bson_append functions in the MongoDB C
     driver library may be susceptible to buffer overflow when performing
     operations that could result in a final BSON document which exceeds the
     maximum allowable size (INT32_MAX), resulting in a segmentation fault
     and possible application crash.