[Git][security-tracker-team/security-tracker][master] Reserve DLA-4175-1 for mongo-c-driver
Roberto C. Sánchez (@roberto)
roberto at debian.org
Tue May 20 20:08:08 BST 2025
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
471a8548 by Roberto C. Sánchez at 2025-05-20T15:07:49-04:00
Reserve DLA-4175-1 for mongo-c-driver
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -94008,7 +94008,6 @@ CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be vulner
[bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
- mongo-c-driver 1.27.1-1
[bookworm] - mongo-c-driver 1.23.1-1+deb12u1
- [bullseye] - mongo-c-driver <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-5628
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/1d642e461e7c0e26abe3a90c7bbac081ac4a0053 (1.28.0)
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/7c34461863211be172e6317221d72e4429bed45e (1.27.1)
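Review bot: dropping `[bullseye] - mongo-c-driver <no-dsa> (Minor issue)` leaves this CVE-2024-6383 entry with no bullseye status line at all, whereas the bookworm line just above records its fixed version (1.23.1-1+deb12u1). In this commit the bullseye fixed version, 1.17.6-1+deb11u1, appears only in the data/DLA/list entry. Please confirm that the bullseye fixed-version line for this CVE is generated from that entry. If it is not, add it here. The same question applies to the other three hunks in data/CVE/list, which remove the same annotation without a replacement.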
@@ -94253,7 +94252,6 @@ CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be
[bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
- mongo-c-driver 1.26.2-1
[bookworm] - mongo-c-driver 1.23.1-1+deb12u1
- [bullseye] - mongo-c-driver <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-5622
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/361c2e669be1c41f9638530b3867f316e96692bb (1.27.0)
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/effd95c34ad421df94eec7c69236f0e4172552d0 (1.26.2)
@@ -204721,7 +204719,6 @@ CVE-2023-0437 (When calling bson_utf8_validateon some inputs a loop with an exit
[bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
- mongo-c-driver 1.25.0-1
[bookworm] - mongo-c-driver 1.23.1-1+deb12u1
- [bullseye] - mongo-c-driver <no-dsa> (Minor issue)
[buster] - mongo-c-driver <ignored> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-4747
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/fd3a978b35cac8f3c78c4d9a1b08fd5aa4d440b8 (1.25.0)
@@ -333841,7 +333838,6 @@ CVE-2021-32050 (Some MongoDB Drivers may erroneously publish events containing a
[bullseye] - php-mongodb <no-dsa> (Minor issue)
[buster] - php-mongodb <no-dsa> (Minor issue)
- mongo-c-driver 1.18.0-1
- [bullseye] - mongo-c-driver <no-dsa> (Minor issue)
[buster] - mongo-c-driver <no-dsa> (Minor issue)
- node-mongodb <unfixed> (bug #1052663)
[bookworm] - node-mongodb <no-dsa> (Minor issue)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 May 2025] DLA-4175-1 mongo-c-driver - security update
+ {CVE-2021-32050 CVE-2023-0437 CVE-2024-6381 CVE-2024-6383 CVE-2025-0755}
+ [bullseye] - mongo-c-driver 1.17.6-1+deb11u1
[20 May 2025] DLA-4174-1 openjdk-11 - security update
{CVE-2025-21587 CVE-2025-30691 CVE-2025-30698}
[bullseye] - openjdk-11 11.0.27+6-1~deb11u1
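Review bot: the CVE set on the added DLA-4175-1 line names five CVEs, but the data/CVE/list hunks in this commit touch only four of them (CVE-2021-32050, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383). There is no hunk for CVE-2025-0755, so please check that its entry has no leftover bullseye annotation for mongo-c-driver (for example a `<no-dsa>` line) that would contradict the fixed version 1.17.6-1+deb11u1 recorded here.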
=====================================
data/dla-needed.txt
=====================================
@@ -235,12 +235,6 @@ mina2
NOTE: 20250114: Patches for CVE-2024-52046 https://github.com/apache/mina/commit/f9cc5ada6ebef4ee7cc51aac824e42e2e422310e (2.2.4) and ... (dleidert)
NOTE: 20250114: ... https://github.com/apache/mina/commit/cdb59eb6131696a440870ab89ad0e20804eb5ca7 (2.1.10) (dleidert)
--
-mongo-c-driver (roberto)
- NOTE: 20250331: Added by Front-Desk (apo)
- NOTE: 20250418: submitted to bookworm-pu, https://bugs.debian.org/1103557 (roberto)
- NOTE: 20250519: PU was accepted 20250426 and went into bookworm 12.11 (roberto)
- NOTE: 20250519: WIP, but nearly done with backporting the patches (roberto)
---
musl
NOTE: 20250217: Added by Front-Desk (Beuc)
NOTE: 20250218: Requested review. (lamby)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/471a85489968e6583b33be88c23fb1b63f83d216