| Package | pymongo |
|---|---|
| Version | 2.7.2-1+deb8u1 (jessie), 3.4.0-1+deb9u1 (stretch) |
| Related CVEs | CVE-2024-5629 |
An out-of-bounds read in the ‘bson’ module of PyMongo allowed deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
For Debian 8 jessie, these problems have been fixed in version 2.7.2-1+deb8u1.
For Debian 9 stretch, these problems have been fixed in version 3.4.0-1+deb9u1.
We recommend that you upgrade your pymongo packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.