Hi, On Mon, Mar 31, 2025 at 04:58:15PM +0300, Adrian Bunk wrote: > Package: libbson-xs-perl > Version: 0.8.4-3 > Severity: serious > Tags: security > X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> > > https://metacpan.org/dist/BSON-XS > > Changes for version v0.8.4 - 2020-08-13 > !!! END OF LIFE NOTICE !!! > As of August 13, 2020, the BSON-XS library has reached end of life > and is no longer supported by MongoDB. > > > The security aspect of this bug is that some/all of the bson CVEs > against mongo-c-driver might also apply to the copy of the bson code > in libbson-xs-perl. > > An alternative solution for the latter might be patching the source to > build with libbson-dev.
"Ideally" the removal would be the right choice gien the deprecation/end-of-life, but I fear that is not possible at this stage in the freeze. libmongodb-perl has AFAICS a depends on libbson-xs-perl and libmongodb-perl has some reverse dependencies. gregor, yadd, any opinions from you here? Regards, Salvatore
