protobuf (3.12.4-1ubuntu7.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: DoS via python recursion limit
- debian/patches/CVE-2025-4565.patch: add recursion depth limits to
python/google/protobuf/internal/decoder.py,
python/google/protobuf/internal/decoder_test.py,
python/google/protobuf/internal/message_test.py,
python/google/protobuf/internal/python_message.py,
python/google/protobuf/internal/self_recursive.proto,
python/setup.py.
- CVE-2025-4565
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 04 Jul 2025 12:02:11 -0400
protobuf (3.12.4-1ubuntu7.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: Stack overflow.
- debian/patches/CVE-2024-7254-*.patch: Add recursion checks and recursion
limit in .../protobuf/ArrayDecoders.java,
.../protobuf/CodedInputStream.java, .../protobuf/MessageSchema.java, and
.../protobuf/MessageSetSchema.java. Add tests.
- CVE-2024-7254
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 07 Apr 2025 15:47:33 -0230
protobuf (3.12.4-1ubuntu7.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: DoS in protobuf-java parser
- debian/patches/CVE-2021-22569.patch: Improve performance of parsing
unknown fields in Java
- CVE-2021-22569
* SECURITY UPDATE: Null pointer dereference issue
- debian/patches/CVE-2021-22570.patch: fix null pointer dereference
- CVE-2021-22570
* SECURITY UPDATE: Dos vulnerability in cpp and python parser
- debian/patches/CVE-2022-1941.patch: fix parsing vulnerability for the
MessageSet type
- CVE-2022-1941
-- Nishit Majithia <nishit.majithia@canonical.com> Thu, 09 Mar 2023 15:05:50 +0530
protobuf (3.12.4-1ubuntu7) jammy; urgency=medium
* No-change rebuild with Python 3.10 only
-- Graham Inggs <ginggs@ubuntu.com> Thu, 17 Mar 2022 19:36:00 +0000
protobuf (3.12.4-1ubuntu6) jammy; urgency=medium
* No-change upload due to ruby3.0 transition, remove ruby2.7 support.
-- Lucas Kanashiro <kanashiro@ubuntu.com> Fri, 03 Dec 2021 13:13:08 -0300
protobuf (3.12.4-1ubuntu5) jammy; urgency=medium
* debian/patches/0001-Fix-Python-3.10-C-tests-9128.patch: Cherry-pick
patch from upstream to fix build failure with python 3.10.
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 17 Nov 2021 04:43:34 +0000
protobuf (3.12.4-1ubuntu4) jammy; urgency=medium
* No-change rebuild to add python3.10.
-- Matthias Klose <doko@ubuntu.com> Sat, 16 Oct 2021 06:57:25 +0000
protobuf (3.12.4-1ubuntu3) impish; urgency=medium
* No-change rebuild to build with gcc-11 (LP: #1939413)
-- Gunnar Hjalmarsson <gunnarhj@ubuntu.com> Thu, 12 Aug 2021 12:38:56 +0200
protobuf (3.12.4-1ubuntu2) hirsute; urgency=medium
* No-change rebuild to build with lto.
-- Matthias Klose <doko@ubuntu.com> Mon, 29 Mar 2021 08:24:14 +0200
protobuf (3.12.4-1ubuntu1) hirsute; urgency=low
* Merge from Debian unstable. Remaining changes:
- Don't build elpa stuff on i386
-- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 26 Jan 2021 16:42:40 +0100
# For older changelog entries, run 'apt-get changelog libprotobuf-lite23'
Generated by dwww version 1.14 on Wed Aug 27 08:39:31 CEST 2025.