[SECURITY] [DLA 3832-1] pymongo security update

To: <[email protected]>
Subject: [SECURITY] [DLA 3832-1] pymongo security update
From: [email protected]
Date: Mon, 17 Jun 2024 11:44:11 +0000
Message-id: <[🔎] [email protected]>
Mail-followup-to: [email protected]
Reply-to: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3832-1                [email protected]
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
June 17, 2024                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : pymongo
Version        : 3.7.1-1.1+deb10u1
CVE ID         : CVE-2024-5629

An out-of-bounds read in the 'bson' module allowed deserialization of
malformed BSON provided by a Server to raise an exception which may contain
arbitrary application memory.

For Debian 10 buster, this problem has been fixed in version
3.7.1-1.1+deb10u1.

We recommend that you upgrade your pymongo packages.

For the detailed security status of pymongo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pymongo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmZwIYsRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+DpBAAghm8McmZjTlWyOKExpE8u0tGdyvkctO1
952YPy/RxqQWfYNcutJ0Nsimqj/8AbUJy6/E4t5tD+tLSU5+7PGxbBBtgsyGaG7a
UVVlhAtuLm4qquONmZbW4bUR8vO4PFTOnWcCyBLmqigsiHoOZotQUm2EqbWgLHxo
63raFYaox3q/ZRl5UrTrtAGpP3iYBLKLPEZeS+Ay8e8Ug+IfqrNuakT9DFAOGTiJ
cPjTrCmOnJ16+2dn4E/zhAMq4jBMcCLvT9042gKot7Hi5lmuyWdYNwATKlkau1y7
ghP5FxAMnxwJyTBi9zqPPBfyE+F8JdYHrbAlEwzDuLB75Gc7tjWfzQ0l29nn9hfa
kiBky/uo39YZ3FC7hTA8mqK14gtjDB0JVD4I7+jEsOxX6+uJsadxamvHiZNkaxA/
oVyZ8Z06SS7JGU1uEKdj9bCqH/cz5FAADA5a705RuXgujP0jkczs86HAxCDJnSNX
KQ2xQXJyiRiKikMadm1PUsjEx4eM73rBrIVlSvwam+LQi1SYWTgQ2NkwHRFF3pAx
wMZdMFANhqszol7A7rebrQFivlL0m9ZNxw4EApM+uopw6AIEUEhGk2HPtX5wST+w
bKHsOM2kXkB2iKa6V8LAfIANxY8+g+nbm5aFu+FgvCo9gL7VQx01NzOtRVIr3ML1
gK3/YoOlZds=
=Ip7j
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3831-1] nano security update
Next by Date: [SECURITY] [DLA 3835-1] roundcube security update
Previous by thread: [SECURITY] [DLA 3831-1] nano security update
Next by thread: [SECURITY] [DLA 3835-1] roundcube security update
Index(es):
- Date
- Thread