UbuntuUpdates.org

Package "libprotobuf-java"

Name: libprotobuf-java

Description:

Java bindings for protocol buffers

Latest version: 3.21.12-8.2ubuntu0.2
Release: noble (24.04)
Level: security
Repository: universe
Head package: protobuf
Homepage: https://github.com/google/protobuf/

Links


Download "libprotobuf-java"


Other versions of "libprotobuf-java" in Noble

Repository Area Version
base universe 3.21.12-8.2build1
updates universe 3.21.12-8.2ubuntu0.2

Changelog

Version: 3.21.12-8.2ubuntu0.2 2025-07-09 15:07:21 UTC

  protobuf (3.21.12-8.2ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via python recursion limit
    - debian/patches/CVE-2025-4565.patch: add recursion depth limits to
      python/google/protobuf/internal/decoder.py,
      python/google/protobuf/internal/decoder_test.py,
      python/google/protobuf/internal/message_test.py,
      python/google/protobuf/internal/python_message.py,
      python/google/protobuf/internal/self_recursive.proto,
      python/setup.py.
    - CVE-2025-4565

 -- Marc Deslauriers <email address hidden> Fri, 04 Jul 2025 10:52:30 -0400

Source diff to previous version
CVE-2025-4565 Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recur

Version: 3.21.12-8.2ubuntu0.1 2025-04-14 16:07:09 UTC

  protobuf (3.21.12-8.2ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: Stack overflow.
    - debian/patches/CVE-2024-7254-*.patch: Add recursion checks and recursion
      limit in .../protobuf/ArrayDecoders.java,
      .../protobuf/CodedInputStream.java, .../protobuf/MessageSchema.java, and
      .../protobuf/MessageSetSchema.java. Add tests.
    - CVE-2024-7254

 -- Hlib Korzhynskyy <email address hidden> Mon, 07 Apr 2025 12:24:21 -0230

CVE-2024-7254 Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exce



About   -   Send Feedback to @ubuntu_updates