
Debian GNU/Linux Extended LTS has received two security updates: ELA-1430-1 vim security update for Debian 8-10, and ELA-1431-1 mongo-c-driver security update for Debian 10.

ELA-1430-1 vim security update
ELA-1431-1 mongo-c-driver security update




ELA-1430-1 vim security update


Package : vim
Version : 2:7.4.488-7+deb8u12 (jessie), 2:8.0.0197-4+deb9u12 (stretch), 2:8.1.0875-5+deb10u7 (buster)

Related CVEs :
CVE-2023-4738
CVE-2023-5344
CVE-2024-22667
CVE-2024-43802
CVE-2024-47814

Multiple vulnerabilities have been fixed in the editor vim.

CVE-2023-4738
buffer-overflow in vim_regsub_both()

CVE-2023-5344
buffer-overflow in trunc_string()

CVE-2024-22667
stack-buffer-overflow in option callback functions

CVE-2024-43802
heap-buffer-overflow in ins_typebuf()

CVE-2024-47814
use-after-free when closing a buffer





ELA-1431-1 mongo-c-driver security update


Package : mongo-c-driver
Version : 1.14.0-1+deb10u1 (buster)

Related CVEs :
CVE-2021-32050
CVE-2023-0437
CVE-2024-6381
CVE-2024-6383
CVE-2025-0755

Multiple vulnerabilities have been discovered in the MongoDB C Driver.

CVE-2021-32050
Some MongoDB Drivers may erroneously publish events containing
authentication-related data to a command listener configured by an
application. The published events may contain security-sensitive
data when specific authentication-related commands are executed.
Without due care, an application may inadvertently expose this
sensitive information, e.g., by writing it to a log file. This issue
only arises if an application enables the command listener feature
(this is not enabled by default).

CVE-2023-0437
When calling bson_utf8_validate on some inputs a loop with an exit
condition that cannot be reached may occur, i.e. an infinite loop.

CVE-2024-6381
The bson_strfreev function in the MongoDB C driver library may be
susceptible to an integer overflow where the function will try to
free memory at a negative offset. This may result in memory
corruption.

CVE-2024-6383
The bson_string_append function in MongoDB C Driver may be
vulnerable to a buffer overflow where the function might attempt to
allocate too small a buffer, which may lead to memory corruption of
neighbouring heap memory.

CVE-2025-0755
The various bson_append functions in the MongoDB C driver library
may be susceptible to buffer overflow when performing operations
that could result in a final BSON document which exceeds the maximum
allowable size (INT32_MAX), resulting in a segmentation fault and
possible application crash.
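
To check a package inventory against the fixed versions listed in these two advisories, the following added example (not part of the advisories or of Debian's tooling) implements Debian's version ordering in Python. The function names and the inventory rows are constructed for illustration; a plain string comparison would wrongly rank deb8u9 above deb8u12.

```python
import re

# Fixed versions copied from ELA-1430-1 and ELA-1431-1, keyed by (release, source package).
FIXED = {
    ("jessie", "vim"): "2:7.4.488-7+deb8u12",
    ("stretch", "vim"): "2:8.0.0197-4+deb9u12",
    ("buster", "vim"): "2:8.1.0875-5+deb10u7",
    ("buster", "mongo-c-driver"): "1.14.0-1+deb10u1",
}

def _order(c):
    # dpkg order: '~' sorts first, then end of string, then letters, then everything else.
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare upstream or revision strings as alternating text and digit runs.
    while a or b:
        ta, na, a = re.match(r"([^0-9]*)([0-9]*)(.*)", a).groups()
        tb, nb, b = re.match(r"([^0-9]*)([0-9]*)(.*)", b).groups()
        for i in range(max(len(ta), len(tb))):
            oa, ob = _order(ta[i:i + 1]), _order(tb[i:i + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        x, y = int(na or 0), int(nb or 0)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is empty.
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 according to Debian version ordering."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(release, source_pkg, installed):
    """True if installed is older than the fixed version; None if not listed above."""
    fixed = FIXED.get((release, source_pkg))
    return None if fixed is None else deb_cmp(installed, fixed) < 0

# Constructed inventory rows: (release, source package, installed version).
INVENTORY = [("jessie", "vim", "2:7.4.488-7+deb8u9"), ("stretch", "vim", "2:8.0.0197-4+deb9u12"),
             ("buster", "mongo-c-driver", "1.14.0-1")]
print([row for row in INVENTORY if needs_update(*row)])
```

On a Debian system, dpkg --compare-versions applies the same ordering.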

