CVE-2023-0437: When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e4010a3464c1b2de50164fb7bc551903f10016b3

commit e4010a3464c1b2de50164fb7bc551903f10016b3
Author:     Robert Förster <Dessa@gmake.de>
AuthorDate: 2025-04-07 19:45:29 +0000
Commit:     Alexys Jacob <ultrabug@gentoo.org>
CommitDate: 2025-04-10 08:37:40 +0000

    dev-libs/libbson: add fix for CVE-2023-0437, add proper python dep for sphinx

    Closes: https://bugs.gentoo.org/639540
    Closes: https://bugs.gentoo.org/721170
    Closes: https://bugs.gentoo.org/921953
    Bug: https://bugs.gentoo.org/936109
    Signed-off-by: Robert Förster <Dessa@gmake.de>
    Signed-off-by: Alexys Jacob <ultrabug@gentoo.org>

 dev-libs/libbson/Manifest                          |  1 +
 .../files/libbson-1.24.4-CVE-2023-0437.patch       | 25 +++++++++
 dev-libs/libbson/libbson-1.24.4-r1.ebuild          | 64 ++++++++++++++++++++++
 dev-libs/libbson/metadata.xml                      |  1 +
 4 files changed, 91 insertions(+)