Control: tags -1 + confirmed

On Mon, 2026-04-27 at 20:20 -0400, Roberto C. Sanchez wrote:
> Address the following issues:
>
> * Fix CVE-2026-6231: bson_validate may skip validation when processing
>   certain inputs
> * Fix CVE-2026-4359: a compromised third party cloud server or
>   man-in-the-middle attacker could send a malformed HTTP response and cause
>   an application crash
> * Fix: improve handling of corrupt GridFS files (upstream ticket:
>   https://jira.mongodb.org/browse/CDRIVER-6281)
> * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks
>   appropriate validation allowing malformed GridFS metadata to overflow the
>   bounding container
> * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying
>   during username canonicalization, enabling a heap buffer overflow before
>   any authentication or network traffic

Please go ahead.

Regards,

Adam

