Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: pymo...@packages.debian.org
Control: affects -1 + src:pymongo
User: release.debian....@packages.debian.org
Usertags: pu
[ Reason ]
CVE-2024-5629

[ Impact ]
An out-of-bounds read in the 'bson' module allows deserialization of
malformed BSON provided by a Server to raise an exception which may
contain arbitrary application memory

[ Tests ]
Test suite of package

[ Risks ]
code is near trivial

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
 * QA upload
 * Fix CVE-2024-5629: An out-of-bounds read in the 'bson' module allowed
   deserialization of malformed BSON provided by a Server to raise an
   exception which may contain arbitrary application memory
 * Use correct salsa CI

[ Other info ]
QA upload: package is orphaned
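To make the [ Impact ] description concrete, here is an added C model (an illustration written for this report, not code from pymongo or from the debdiff that follows) of the two code_w_scope length checks the patch changes, with the pre-fix and post-fix conditions side by side. The struct, the sample lengths and the BSON_MIN_SIZE value (assumed to be 5, the size of an empty document) are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model of the two code_w_scope length checks (not pymongo's
 * code). All arithmetic is uint32_t as in bson/_cbsonmodule.c, so a sum
 * wraps modulo 2^32. BSON_MIN_SIZE is assumed to be 5 (an empty document). */
#define BSON_MIN_SIZE 5u

struct cws {              /* lengths read from the untrusted document */
    uint32_t max;         /* bytes remaining in the buffer */
    uint32_t c_w_s_size;  /* declared code_w_scope element length */
    uint32_t code_size;   /* declared code string length */
    uint32_t scope_size;  /* declared scope document length */
};

/* Pre-fix logic: the sums are never checked for wraparound, so a huge
 * scope_size can make 4+code_size+4+scope_size wrap to exactly c_w_s_size. */
static bool accepts_before_fix(const struct cws *d) {
    if (!d->code_size || d->max < d->code_size ||
        d->max < (uint32_t)(4 + 4 + d->code_size + 4))
        return false;
    if (d->scope_size < BSON_MIN_SIZE)
        return false;
    return (uint32_t)(4 + d->code_size + 4 + d->scope_size) == d->c_w_s_size;
}

/* Post-fix logic from the patch: len < code_size (or len < scope_size) is
 * true exactly when the 32-bit addition wrapped, so such lengths are rejected. */
static bool accepts_after_fix(const struct cws *d) {
    uint32_t len = 4 + 4 + d->code_size + 4;
    if (!d->code_size || d->max < d->code_size || d->max < len ||
        len < d->code_size)
        return false;
    len = 4 + 4 + d->code_size + d->scope_size;
    if (d->scope_size < BSON_MIN_SIZE || len != d->c_w_s_size ||
        len < d->scope_size)
        return false;
    return true;
}

int main(void) {
    /* Constructed well-formed element: 4 + 4 + 1 + 5 == 14 bytes. */
    struct cws good = { 64, 14, 1, 5 };
    /* Constructed wrapped element: 4 + 4 + 50 + 0xFFFFFFDA == 20 mod 2^32,
     * so the old equality holds while scope_size is about 4 GiB. */
    struct cws bad = { 100, 20, 50, 0xFFFFFFDAu };
    printf("well-formed: before=%d after=%d\n", accepts_before_fix(&good), accepts_after_fix(&good));
    printf("wrapped:     before=%d after=%d\n", accepts_before_fix(&bad), accepts_after_fix(&bad));
    return 0;
}
```

The well-formed element passes both versions; the wrapped one passes only the pre-fix check, which is the condition the new `len < scope_size` clause closes.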
diff -Nru pymongo-3.11.0/debian/changelog pymongo-3.11.0/debian/changelog --- pymongo-3.11.0/debian/changelog 2020-10-17 21:23:41.000000000 +0000 +++ pymongo-3.11.0/debian/changelog 2024-06-16 17:42:49.000000000 +0000 @@ -1,3 +1,13 @@ +pymongo (3.11.0-1+deb12u1) bookworm; urgency=medium + + * QA upload + * Fix CVE-2024-5629: An out-of-bounds read in the + 'bson' module allowed deserialization of malformed BSON + provided by a Server to raise an exception which may + contain arbitrary application memory + + -- Bastien Roucari??s <ro...@debian.org> Sun, 16 Jun 2024 17:42:49 +0000 + pymongo (3.11.0-1) unstable; urgency=medium [ Federico Ceratto ] diff -Nru pymongo-3.11.0/debian/control pymongo-3.11.0/debian/control --- pymongo-3.11.0/debian/control 2020-10-17 21:23:41.000000000 +0000 +++ pymongo-3.11.0/debian/control 2024-06-16 17:42:49.000000000 +0000 @@ -1,7 +1,7 @@ Source: pymongo Section: python Priority: optional -Maintainer: Federico Ceratto <feder...@debian.org> +Maintainer: Debian QA Group <packa...@qa.debian.org> Build-Depends: debhelper-compat (= 13), dh-python, python3-all-dev, diff -Nru pymongo-3.11.0/debian/gitlab-ci.yml pymongo-3.11.0/debian/gitlab-ci.yml --- pymongo-3.11.0/debian/gitlab-ci.yml 2020-10-17 21:23:41.000000000 +0000 +++ pymongo-3.11.0/debian/gitlab-ci.yml 2024-06-16 17:42:49.000000000 +0000 
@@ -1,9 +1,7 @@ -image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage:latest +--- +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml -build: - artifacts: - paths: - - "*.deb" - expire_in: 1 day - script: - - gitlab-ci-git-buildpackage-all +variables: + RELEASE: 'bookworm' diff -Nru pymongo-3.11.0/debian/patches/0002-CVE-2024-5629-PYTHON-4305-Fix-bson-size-check.patch pymongo-3.11.0/debian/patches/0002-CVE-2024-5629-PYTHON-4305-Fix-bson-size-check.patch --- pymongo-3.11.0/debian/patches/0002-CVE-2024-5629-PYTHON-4305-Fix-bson-size-check.patch 1970-01-01 00:00:00.000000000 +0000 +++ pymongo-3.11.0/debian/patches/0002-CVE-2024-5629-PYTHON-4305-Fix-bson-size-check.patch 2024-06-16 17:42:49.000000000 +0000 
@@ -0,0 +1,51 @@ +From: Shane Harvey <shn...@gmail.com> +Date: Wed, 27 Mar 2024 13:16:55 -0700 +Subject: CVE-2024-5629 PYTHON-4305 Fix bson size check + +An out-of-bounds read in the 'bson' module allows deserialization +of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. + +bug: https://jira.mongodb.org/browse/PYTHON-4305 +bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2024-5629 +origin: https://patch-diff.githubusercontent.com/raw/mongodb/mongo-python-driver/pull/1564.patch +--- + bson/_cbsonmodule.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/bson/_cbsonmodule.c b/bson/_cbsonmodule.c +index f457f96..02d9105 100644 +--- a/bson/_cbsonmodule.c ++++ b/bson/_cbsonmodule.c +@@ -2334,6 +2334,7 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + uint32_t c_w_s_size; + uint32_t code_size; + uint32_t scope_size; ++ uint32_t len; + PyObject* code; + PyObject* scope; + PyObject* code_type; +@@ -2353,7 +2354,8 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + memcpy(&code_size, buffer + *position, 4); + code_size = BSON_UINT32_FROM_LE(code_size); + /* code_w_scope length + code length + code + scope length */ +- if (!code_size || max < code_size || max < 4 + 4 + code_size + 4) { ++ len = 4 + 4 + code_size + 4; ++ if (!code_size || max < code_size || max < len || len < code_size) { + goto invalid; + } + *position += 4; +@@ -2371,12 +2373,9 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + + memcpy(&scope_size, buffer + *position, 4); + scope_size = BSON_UINT32_FROM_LE(scope_size); +- if (scope_size < BSON_MIN_SIZE) { +- Py_DECREF(code); +- goto invalid; +- } + /* code length + code + scope length + scope */ +- if ((4 + code_size + 4 + scope_size) != c_w_s_size) { ++ len = 4 + 4 + code_size + scope_size; ++ if (scope_size < BSON_MIN_SIZE || len != c_w_s_size || 
len < scope_size) { + Py_DECREF(code); + goto invalid; + } diff -Nru pymongo-3.11.0/debian/patches/series pymongo-3.11.0/debian/patches/series --- pymongo-3.11.0/debian/patches/series 2020-10-17 21:23:41.000000000 +0000 +++ pymongo-3.11.0/debian/patches/series 2024-06-16 17:42:49.000000000 +0000 @@ -1 +1,2 @@ fcb6a8ecbc98fceca138d74fb09b516b172bb4e0.patch +0002-CVE-2024-5629-PYTHON-4305-Fix-bson-size-check.patch
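Review bot: the debian/gitlab-ci.yml rewrite (hunk @@ -1,9 +1,7 @@, switching to the salsa-ci pipeline includes with RELEASE: 'bookworm') is not recorded in the new debian/changelog entry, which lists only the QA upload and the CVE fix, even though the request's [ Changes ] section names "Use correct salsa CI" and the checklist states that all changes are documented; either add a `* Use correct salsa CI` line to the 3.11.0-1+deb12u1 changelog entry or drop the CI change from the stable update, since it has no effect on the built package.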
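Review bot: in the hunk at @@ -2353,7 +2354,8 @@ the new `len < code_size` clause is what detects a wrapped `4 + 4 + code_size + 4` (uint32_t addition wraps modulo 2^32), but nothing in the code says so; a one-line comment such as `/* len < code_size means the addition wrapped */` above the `if` would stop a later cleanup from dropping it as redundant. Note that the pre-existing `max < code_size` test already rejects such values unless the buffer itself is close to 4 GiB, so this clause is defence in depth; the load-bearing change is the scope_size check in the next hunk.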
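Review bot: in the hunk at @@ -2371,12 +2373,9 @@ the essential addition is `len < scope_size`: the old equality `(4 + code_size + 4 + scope_size) != c_w_s_size` is satisfied by any scope_size large enough to wrap the sum back to c_w_s_size, after which the scope document is parsed with that oversized length, which is the out-of-bounds read named in the changelog. Two points to keep in mind: this wrap test is only complete because the preceding hunk has already established that `4 + 4 + code_size` does not itself wrap, so the two checks must stay in this order; and folding the BSON_MIN_SIZE test into the combined condition keeps the single `Py_DECREF(code)` on the failure path, so no reference leak is introduced.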