On Sun, May 03, 2026 at 12:14:32PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
>
> On Mon, 2026-04-27 at 20:20 -0400, Roberto C. Sanchez wrote:
> > Address the following issues:
> >
> > * Fix CVE-2026-6231: bson_validate may skip validation when processing
> >   certain inputs
> > * Fix CVE-2026-4359: a compromised third party cloud server or
> >   man-in-the-middle attacker could send a malformed HTTP response and
> >   cause an application crash
> > * Fix: improve handling of corrupt GridFS files (upstream ticket:
> >   https://jira.mongodb.org/browse/CDRIVER-6281)
> > * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks
> >   appropriate validation allowing malformed GridFS metadata to overflow
> >   the bounding container
> > * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string
> >   copying during username canonicalization, enabling a heap buffer
> >   overflow before any authentication or network traffic
> >
>
> Please go ahead.
>
Thanks! Uploaded.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

