• Bug#1101756: Should libbson-xs-perl be shipped in trixie?

    From Salvatore Bonaccorso@21:1/5 to Yadd on Fri Apr 4 00:00:01 2025
    Hi,

    On Tue, Apr 01, 2025 at 07:15:13AM +0200, Yadd wrote:
    On 3/31/25 22:12, Salvatore Bonaccorso wrote:
    Hi,

    On Mon, Mar 31, 2025 at 04:58:15PM +0300, Adrian Bunk wrote:
    Package: libbson-xs-perl
    Version: 0.8.4-3
    Severity: serious
    Tags: security
    X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

    https://metacpan.org/dist/BSON-XS

    Changes for version v0.8.4 - 2020-08-13
    !!! END OF LIFE NOTICE !!!
    As of August 13, 2020, the BSON-XS library has reached end of life and is no longer supported by MongoDB.


    The security aspect of this bug is that some/all of the bson CVEs
    against mongo-c-driver might also apply to the copy of the bson code
    in libbson-xs-perl.

    An alternative solution for the latter might be patching the source to build with libbson-dev.

    "Ideally" the removal would be the right choice given the deprecation/end-of-life, but I fear that is not possible at this stage
    in the freeze. libmongodb-perl has AFAICS a depends on libbson-xs-perl
    and libmongodb-perl has some reverse dependencies.

    gregor, yadd, any opinions from you here?

    Regards,
    Salvatore

    Hi,

    we can remove BSON::XS from libmongodb-perl dependencies, it will affect only performance. I tested the build, it works.

    I have filed #1102011 for that.

    Regards,
    Salvatore
