UbuntuUpdates.org

Package "libprotobuf-java"

Name: libprotobuf-java

Description:

Java bindings for protocol buffers

Latest version: 3.21.12-10ubuntu0.1
Release: plucky (25.04)
Level: security
Repository: universe
Head package: protobuf
Homepage: https://github.com/google/protobuf/

Links


Download "libprotobuf-java"


Other versions of "libprotobuf-java" in Plucky

Repository Area Version
base universe 3.21.12-10build2
updates universe 3.21.12-10ubuntu0.1

Changelog

Version: 3.21.12-10ubuntu0.1 2025-07-09 15:07:30 UTC

  protobuf (3.21.12-10ubuntu0.1) plucky-security; urgency=medium

  [ Hlib Korzhynskyy ]
  * SECURITY UPDATE: Stack overflow.
    - debian/patches/CVE-2024-7254-*.patch: Add recursion checks and
      recursion limit in .../protobuf/ArrayDecoders.java,
      .../protobuf/CodedInputStream.java, .../protobuf/MessageSchema.java,
      and .../protobuf/MessageSetSchema.java. Add tests.
    - CVE-2024-7254

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via python recursion limit
    - debian/patches/CVE-2025-4565.patch: add recursion depth limits to
      python/google/protobuf/internal/decoder.py,
      python/google/protobuf/internal/decoder_test.py,
      python/google/protobuf/internal/message_test.py,
      python/google/protobuf/internal/python_message.py,
      python/google/protobuf/internal/self_recursive.proto,
      python/setup.py.
    - CVE-2025-4565

 -- Marc Deslauriers <email address hidden> Fri, 04 Jul 2025 10:52:30 -0400

CVE-2024-7254 Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exce
CVE-2025-4565 Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recur



About   -   Send Feedback to @ubuntu_updates