Debian Patches
Status for mongo-c-driver/1.23.1-1+deb12u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2023-0437.patch | CDRIVER-4747 use `size_t` consistently in `bson_utf8_validate` (#1458) | Kevin Albertson <kevin.albertson@mongodb.com> | no | https://github.com/mongodb/mongo-c-driver/commit/fd3a978b35cac8f3c78c4d9a1b08fd5aa4d440b8 | 2023-10-30 | |
| CVE-2024-6381.patch | CDRIVER-5504 Use pointer-based iteration when traversing array elements (#1552) | Ezra Chung <88335979+eramongodb@users.noreply.github.com> | no | https://github.com/mongodb/mongo-c-driver/commit/effd95c34ad421df94eec7c69236f0e4172552d0 | 2024-03-08 | |
| CVE-2024-6383.patch | CDRIVER-5552 more robust string handling (#1593) | Roberto C. Sánchez <roberto@connexer.com> | no | https://github.com/mongodb/mongo-c-driver/commit/7c34461863211be172e6317221d72e4429bed45e | 2024-05-03 | |
| CVE-2025-0755.patch | CDRIVER-5601 more robust bson append (#1648) | Roberto C. Sánchez <roberto@connexer.com> | no | https://github.com/mongodb/mongo-c-driver/commit/d3cdb626be30748b9360451023c75438ec346a38 | 2024-07-16 | |
| CVE-2025-12119.patch | CDRIVER-6112 fix ownership transfer of `mongoc_write_command_t` (#2132) (#2137) * add regression test * do not memcpy `bson_t` struct in array * `memcpy` does not correctly transfer ownership of `bson_t`. Instead: heap allocate `bson_t`. * warn against using `bson_t` in `mongoc_array_t` |
Kevin Albertson <kevin.albertson@mongodb.com> | no | 2025-10-06 | ||
| 0001_CVE-2026-6231.patch | [CDRIVER-6017] BSON Validation Refactor (#2026) (Cherry-pick for 1.30.x) (#2031) * [CDRIVER-6017] BSON Validation Refactor (#2026) * New BSON validation routine rewrite The new `bson_validate` implementation does not make use of the error-prone `bson_visit` APIs. Instead, it is written as a simple recursive validator. The new validator respects requests for UTF-8 validation properly. * Stop validating at 1000 depth, preventing stack overflow * Replace most BSON validation tests with generated ones The existing test cases used BSON files, and didn't have any commentary on what they were actually testing. New test cases are generated from a Python shorthand and contain the tested bytes inline, with a distinct test case for each actual validation scenario. * Disable UTF-8 validation by default on CRUD APIs * Document and tweak the value of BSON_VALIDATE_CORRUPT * Add test cases related to the overlong null encoding * Tweak JS scope validation to permit more obj keys * Add a NEWS entry for validation changes. * Allow `-private.h` headers to not include the prelude header |
vector-of-bool <vectorofbool@gmail.com> | no | 2025-06-09 | ||
| 0002_CVE-2026-6231.patch | [CDRIVER-6017] Reduce `BSON_VALIDATION_MAX_NESTING_DEPTH` to 500 (#2035) To fix stack overflow encountered on MSVC on r1.30 branch. Likely caused by default over-alignment of `bson_t` and `bson_iter_t` removed in 2.0. |
Kevin Albertson <kevin.albertson@mongodb.com> | no | 2025-06-09 | ||
| 0003_CVE-2026-4359.patch | CDRIVER-6251 fix handling of HTTP response (#2233) (#2234) (#2254) (cherry picked from commit b93ebe6b99e614b49a24316c7a295eb3f08af603) |
Remi Collet <remi@remirepo.net> | no | 2026-03-19 | ||
| 0004_CDRIVER-6281.patch | CDRIVER-6281 improve handling of corrupt GridFS files (#2263) * add regression test for 0 chunk size * check chunkSize on read * propagate error in `mongoc_gridfs_file_list_next` * add regression test for too-small chunk * fix too-small chunk read |
Kevin Albertson <kevin.albertson@mongodb.com> | no | 2026-04-03 | ||
| 0005_CVE-2025-14911.patch | CDRIVER-6125 fix GridFS chunk size handling (#2146) (#2150) * validate chunk size from server document * test negative and zero length * check for negative length * Not strictly needed. But gives an earlier error. |
Kevin Albertson <kevin.albertson@mongodb.com> | no | 2025-10-16 | ||
| 0006_CVE-2025-14911.patch | CDRIVER-6125 replace `_mongoc_set_error` with `bson_set_error` | Kevin Albertson <kevin.albertson@mongodb.com> | no | 2026-04-07 | ||
| 0007_CVE-2026-6691.patch | CDRIVER-6134 check SASL username length Cherry-pick b4984965877d559862e225beba09cb4e9d4a56a6 and d9c26f49e75d3de746a690db9c81ff5b4f6e21b0 and reformat. |
Kevin Albertson <kevin.albertson@mongodb.com> | no | 2025-10-24 |
All known versions for source package 'mongo-c-driver'
- 2.3.1-1 (sid)
- 2.3.0-1 (forky)
- 1.30.4-1+deb13u2 (trixie)
- 1.23.1-1+deb12u3 (bookworm)