Bug#913896:

2018-11-18 Thread A. Jesse Jiryu Davis
I'm a libbson maintainer, and I believe this is only a minor bug, not a grave vulnerability. The bug is triggered when libbson reads BSON data corrupted in a specific manner. The faulty logic will read up to 4 bytes past the end of a buffer. This is not a grave vulnerability for two reasons. Firs

Processed: Re: Bug#913896: CVE-2018-16790

2018-11-17 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > retitle 913896 libbson: heap-based buffer over-read via a crafted bson buffer Bug #913896 [src:libbson] CVE-2018-16790 Changed Bug title to 'libbson: heap-based buffer over-read via a crafted bson buffer' from 'CVE-2018-16790'

Bug#913896: CVE-2018-16790

2018-11-16 Thread Moritz Muehlenhoff
Source: libbson Severity: grave Tags: security Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16790 Cheers, Moritz