Re: bson CVEs in (E)LTS

To: Chris Lamb <lamby@debian.org>
Cc: debian-lts@lists.debian.org, security@debian.org
Subject: Re: bson CVEs in (E)LTS
From: Roberto C. Sánchez <roberto@debian.org>
Date: Mon, 31 Mar 2025 11:57:10 -0400
Message-id: <[🔎] Z-q7VisLlOsgXHtQ@localhost>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, Chris Lamb <lamby@debian.org>, debian-lts@lists.debian.org, security@debian.org
In-reply-to: <[🔎] b110e366-dae6-4f55-aa65-2ebb615e943c@app.fastmail.com>
References: <[🔎] Z+qfgRASfBmmpuuA@localhost> <[🔎] b110e366-dae6-4f55-aa65-2ebb615e943c@app.fastmail.com>

On Mon, Mar 31, 2025 at 04:20:08PM +0100, Chris Lamb wrote:
> Adrian Bunk wrote:
> 
> > It would make sense if the same person fixes the CVEs in all copies of 
> > the bson code in all releases.
> 
> Indeed it would. If someone has a connection or history with any of
> these packages already, I'd be more than happy to relinquish my claim
> on mongo-c-driver so they are all handled together.
> 
Thanks! I've taken them over just now.

> (At the time of writing they are not yet in {dla,ela}-needed.txt AFAICS.)
> 
Whenever the rest show up, I'll grab them as well.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

References:
- bson CVEs in (E)LTS
  - From: Adrian Bunk <bunk@debian.org>
- Re: bson CVEs in (E)LTS
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: Re: Bug#1082927: flatpak [LTS]: CVE-2024-42472: sandbox escape for apps with --persist=DIR permission
Next by Date: Re: bson CVEs in (E)LTS
Previous by thread: Re: bson CVEs in (E)LTS
Next by thread: Re: Bug#1082927: flatpak [LTS]: CVE-2024-42472: sandbox escape for apps with --persist=DIR permission
Index(es):
- Date
- Thread