UbuntuUpdates.org

Package "libprotobuf-lite10"

Name: libprotobuf-lite10

Description:

protocol buffers C++ library (lite version)

Latest version: 3.0.0-9.1ubuntu1.1
Release: bionic (18.04)
Level: security
Repository: main
Head package: protobuf
Homepage: https://github.com/google/protobuf/

Links


Download "libprotobuf-lite10"


Other versions of "libprotobuf-lite10" in Bionic

Repository Area Version
base main 3.0.0-9.1ubuntu1
updates main 3.0.0-9.1ubuntu1.1

Changelog

Version: 3.0.0-9.1ubuntu1.1 2023-03-13 07:06:52 UTC

  protobuf (3.0.0-9.1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference issue
    - debian/patches/CVE-2021-22570.patch: fix null pointer dereference
    - CVE-2021-22570
  * SECURITY UPDATE: Dos vulnerability in cpp and python parser
    - debian/patches/CVE-2022-1941.patch: fix parsing vulnerability for the
      MessageSet type
    - CVE-2022-1941

 -- Nishit Majithia <email address hidden> Thu, 09 Mar 2023 14:14:21 +0530

CVE-2021-22570 Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file
CVE-2022-1941 A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.2



About   -   Send Feedback to @ubuntu_updates