libbson-xs-perl (0.8.4-1+deb11u1) bullseye-security; urgency=high * Non-maintainer upload by the LTS Team. * Fix security issues in embedded copy of libbson: + CVE-2017-14227: the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demonstrated by bson-to-json.c. + CVE-2018-16790: _bson_iter_next_internal has a heap-based buffer over-read via a crafted bson buffer. + CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. + CVE-2024-6381: The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. + CVE-2024-6383: The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. + CVE-2025-0755: The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. -- Roberto C. Sánchez Sat, 03 May 2025 16:44:24 -0400 libbson-xs-perl (0.8.4-1) unstable; urgency=medium * Team upload. * Import upstream version 0.8.4. * Update debian/upstream/metadata. * Add notice about upstream support to long description. * Bump debhelper-compat to 13. -- gregor herrmann Fri, 14 Aug 2020 03:49:42 +0200 libbson-xs-perl (0.8.3-1) unstable; urgency=medium * Team upload. * debian/control: update Build-Depends for cross builds. * debian/watch: use uscan version 4. * Import upstream version 0.8.3. * Update years of upstream copyright. * Declare compliance with Debian Policy 4.5.0. * Annotate test-only build dependencies with . * Remove obsolete fields Contact, Name from debian/upstream/metadata. -- gregor herrmann Fri, 17 Apr 2020 20:15:26 +0200 libbson-xs-perl (0.8.2-1) unstable; urgency=medium * Import upstream version 0.8.2 * Declare compliance with policy 4.4.1 * Add "Rules-Requires-Root: no" -- Xavier Guimard Sat, 07 Dec 2019 08:27:12 +0100 libbson-xs-perl (0.8.1-1) unstable; urgency=medium * Import upstream version 0.8.1 * Update libbson-perl dependency version to 1.12.1~ * Replace "perl (>= 5.27.8) | libjson-pp-perl (>= 2.97001)" by "libjson-pp-perl (>= 2.97001)" -- Xavier Guimard Sat, 17 Aug 2019 21:28:06 +0200 libbson-xs-perl (0.8.0-1) unstable; urgency=medium * Import upstream version 0.8.0 * Update debian/copyright * Bump debhelper compatibility level to 12 * Declare compliance with policy 4.4.0 * Update libbson-perl dependency (>= 1.12.0) * Add debian/gbp.conf -- Xavier Guimard Thu, 18 Jul 2019 09:08:11 +0200 libbson-xs-perl (0.6.0-1) unstable; urgency=medium * Import upstream version 0.6.0 * Set minimal libbson-perl version to 1.10.1 * Replace "libjson-pp-perl (>= 2.97001) | perl (>= 5.27.8)" by "perl (>= 5.27.8) | libjson-pp-perl (>= 2.97001)" -- Xavier Guimard Sat, 01 Dec 2018 18:56:48 +0100 libbson-xs-perl (0.4.6-1) unstable; urgency=medium * Import upstream version 0.4.6 * Remove unnecessary version in libbson-perl dependency * Add "Multi-Arch: same" -- Xavier Guimard Tue, 16 Oct 2018 06:36:53 +0200 libbson-xs-perl (0.4.4-1) unstable; urgency=medium * Email change: Xavier Guimard -> yadd@debian.org * Import upstream version 0.4.4 * Declare compliance ith policy 4.2.1 * Add libjson-pp-perl and libtest-fatal-perl in build dependencies * Add required version for libbson-perl (>= 1.8.0) -- Xavier Guimard Tue, 18 Sep 2018 06:26:33 +0200 libbson-xs-perl (0.4.3-1) unstable; urgency=low * Initial release (Closes: #905128) -- Xavier Guimard Tue, 31 Jul 2018 15:39:46 +0200