Bug#1073529: bullseye-pu: package pymongo/3.11.0-1+deb11u1

To: Bastien Roucariès <rouca@debian.org>, 1073529@bugs.debian.org
Subject: Bug#1073529: bullseye-pu: package pymongo/3.11.0-1+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 17 Jun 2024 18:14:45 +0100
Message-id: <[🔎] c5bee7ce619b15a4bd928d0a621314d7fa07af5d.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1073529@bugs.debian.org
In-reply-to: <[🔎] 1914231.MFCAW6Ok2r@portable-bastien>
References: <[🔎] 1914231.MFCAW6Ok2r@portable-bastien> <[🔎] 1914231.MFCAW6Ok2r@portable-bastien>

Control: tags -1 + confirmed

On Sun, 2024-06-16 at 20:52 +0000, Bastien Roucariès wrote:
> CVE-2024-5629
> 
> [ Impact ]
> An out-of-bounds read in the 'bson' module allows deserialization
> of malformed BSON provided by a Server to raise an exception which
> may contain
> arbitrary application memory

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1073529: bookworm-pu: package pymongo/3.11.0-1+deb11u1
  - From: Bastien Roucariès <rouca@debian.org>

Prev by Date: Bug#1073518: bookworm-pu: cups/2.4.2-3+deb12u6
Next by Date: Processed: Re: Bug#1073519: bullseye-pu: cups/2.3.3op2-3+deb11u7
Previous by thread: Processed: bookworm-pu: package pymongo/3.11.0-1+deb11u1
Next by thread: Processed: Re: Bug#1073529: bullseye-pu: package pymongo/3.11.0-1+deb11u1
Index(es):
- Date
- Thread