UbuntuUpdates.org

Package "protobuf"

Name: protobuf

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • protocol buffers C++ library (development files) and proto files
  • protocol buffers C++ library (lite version)
  • protocol buffers C++ library
  • protocol buffers compiler library (development files)
Latest version: 3.6.1.3-2ubuntu5.2
Release: focal (20.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "protobuf" in Focal

Repository Area Version
base main 3.6.1.3-2ubuntu5
base universe 3.6.1.3-2ubuntu5
security universe 3.6.1.3-2ubuntu5.2
updates main 3.6.1.3-2ubuntu5.2
updates universe 3.6.1.3-2ubuntu5.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.6.1.3-2ubuntu5.2 2023-03-13 07:06:56 UTC

  protobuf (3.6.1.3-2ubuntu5.2) focal-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference issue
    - debian/patches/CVE-2021-22570.patch: fix null pointer dereference
    - CVE-2021-22570
  * SECURITY UPDATE: Dos vulnerability in cpp and python parser
    - debian/patches/CVE-2022-1941.patch: fix parsing vulnerability for the
      MessageSet type
    - CVE-2022-1941

 -- Nishit Majithia <email address hidden> Thu, 09 Mar 2023 14:45:33 +0530
CVE-2021-22570 Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file
CVE-2022-1941 A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.2


About   -   Send Feedback to @ubuntu_updates