On Sun, May 03, 2026 at 11:28:38AM +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2026-04-27 at 20:23 -0400, Roberto C. Sanchez wrote:
> > Address the following issues:
> > 
> >    * Fix CVE-2026-6231: bson_validate may skip validation when processing
> >      certain inputs
> >    * Fix CVE-2026-4359: a compromised third party cloud server or
> >      man-in-the-middle attacker could send a malformed HTTP response and cause
> >      an application crash
> >    * Fix: improve handling of corrupt GridFS files (upstream ticket:
> >      https://jira.mongodb.org/browse/CDRIVER-6281)
> >    * Fix CVE-2025-14911: user-controlled chunkSize metadata from lacks
> >      appropriate validation allowing malformed GridFS metadata to overflow the
> >      bounding container
> >    * Fix CVE-2026-6691: Cyrus SASL integration performs unsafe string copying
> >      during username canonicalization, enabling a heap buffer overflow before
> >      any authentication or network traffic
> 
> Please go ahead.
> 
Thanks! Uploaded.

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
