mongo-c-driver - Debian Package Tracker

general

source: mongo-c-driver (main)
version: 2.3.1-1
maintainer: Mongo C Driver Team (DMD)
uploaders: Roberto C. Sanchez [DMD] – Kevin Albertson [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.17.6-1
o-o-sec: 1.17.6-1+deb11u2
oldstable: 1.23.1-1+deb12u3
stable: 1.30.4-1+deb13u2
testing: 2.3.1-1
unstable: 2.3.1-1

versioned links

1.17.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.17.6-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.23.1-1+deb12u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.30.4-1+deb13u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libbson-dev
libbson-doc
libbson2-2
libmongoc-dev
libmongoc-doc
libmongoc2-2

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source
  https://github.com/mongodb/mongo-c-driver/releases

Created: 2026-04-23 Last update: 2026-06-11 17:30

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

debian/changelog not found in any branch (tried master, debian, debian/master, debian/sid, debian/latest, debian/experimental, master)

Created: 2024-02-04 Last update: 2026-06-11 09:02

5 security issues in bullseye high

There are 5 open security issues in bullseye.

1 important issue:

CVE-2026-9100: The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash (via a division-by-zero) or silently leak process memory contents (via an out-of-bounds read).

4 issues postponed or untriaged:

CVE-2026-4359: (postponed; to be fixed through a stable update) A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
CVE-2026-6231: (postponed; to be fixed through a stable update) The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely on these functions to validate untrusted BSON data before further processing. This issue affects MongoDB C Driver versions prior to 1.30.5, MongoDB C Driver version 2.0.0 and MongoDB C Driver version 2.0.1
CVE-2026-6691: (postponed; to be fixed through a stable update) The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI.
CVE-2025-14911: (postponed; to be fixed through a stable update) User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container.

Created: 2026-05-20 Last update: 2026-06-09 04:31

Multiarch hinter reports 3 issue(s) normal

There are issues with the multiarch metadata for this package.

libbson-doc could be marked Multi-Arch: foreign
libmongoc-doc could be marked Multi-Arch: foreign
libbson2-2 could be marked Multi-Arch: same

Created: 2018-11-07 Last update: 2026-06-11 18:31

lintian reports 1092 warnings normal

Lintian reports 1092 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-04-23 Last update: 2026-04-23 11:34

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.2).

Created: 2025-12-23 Last update: 2026-06-03 22:30

testing migrations

This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2026-06-09] mongo-c-driver 2.3.1-1 MIGRATED to testing (Debian testing watch)
[2026-06-03] Accepted mongo-c-driver 2.3.1-1 (source) into unstable (Roberto C. Sanchez)
[2026-05-04] Accepted mongo-c-driver 1.23.1-1+deb12u3 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Roberto C. Sanchez)
[2026-05-04] Accepted mongo-c-driver 1.30.4-1+deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Roberto C. Sanchez)
[2026-04-28] mongo-c-driver 2.3.0-1 MIGRATED to testing (Debian testing watch)
[2026-04-22] Accepted mongo-c-driver 2.3.0-1 (source) into unstable (Roberto C. Sanchez)
[2026-04-15] mongo-c-driver 2.2.4-1 MIGRATED to testing (Debian testing watch)
[2026-04-09] Accepted mongo-c-driver 2.2.4-1 (source) into unstable (Roberto C. Sanchez)
[2026-03-09] mongo-c-driver 2.2.3-1 MIGRATED to testing (Debian testing watch)
[2026-03-03] Accepted mongo-c-driver 2.2.3-1 (source) into unstable (Roberto C. Sanchez)
[2026-02-20] mongo-c-driver 2.2.2-1 MIGRATED to testing (Debian testing watch)
[2026-02-13] Accepted mongo-c-driver 2.2.2-1 (source) into unstable (Roberto C. Sanchez)
[2026-01-14] Accepted mongo-c-driver 1.17.6-1+deb11u2 (source) into oldoldstable-security (Roberto C. Sanchez)
[2025-12-26] Accepted mongo-c-driver 1.23.1-1+deb12u2 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Roberto C. Sanchez)
[2025-12-20] Accepted mongo-c-driver 1.30.4-1+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Roberto C. Sanchez)
[2025-12-19] mongo-c-driver 2.2.1-1 MIGRATED to testing (Debian testing watch)
[2025-12-11] Accepted mongo-c-driver 2.2.1-1 (source) into unstable (Roberto C. Sanchez)
[2025-12-01] mongo-c-driver 2.2.0-1 MIGRATED to testing (Debian testing watch)
[2025-11-26] Accepted mongo-c-driver 2.2.0-1 (source) into unstable (Roberto C. Sanchez)
[2025-10-14] mongo-c-driver 2.1.2-1 MIGRATED to testing (Debian testing watch)
[2025-10-08] Accepted mongo-c-driver 2.1.2-1 (source) into unstable (Roberto C. Sanchez)
[2025-10-07] mongo-c-driver 2.1.1-1 MIGRATED to testing (Debian testing watch)
[2025-10-01] Accepted mongo-c-driver 2.1.1-1 (source) into unstable (Roberto C. Sanchez)
[2025-08-29] mongo-c-driver 2.1.0-1 MIGRATED to testing (Debian testing watch)
[2025-08-14] Accepted mongo-c-driver 2.1.0-1 (source) into unstable (Roberto C. Sanchez)
[2025-07-21] Accepted mongo-c-driver 2.0.2-1 (source amd64 all) into experimental (Debian FTP Masters) (signed by: Roberto C. Sanchez)
[2025-06-03] mongo-c-driver 1.30.4-1 MIGRATED to testing (Debian testing watch)
[2025-05-20] Accepted mongo-c-driver 1.17.6-1+deb11u1 (source) into oldstable-security (Roberto C. Sanchez)
[2025-05-07] Accepted mongo-c-driver 1.30.4-1 (source) into unstable (Roberto C. Sanchez)
[2025-04-26] Accepted mongo-c-driver 1.23.1-1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Roberto C. Sanchez)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 1092)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.2.2-1