Format: 1.8
Date: Tue, 26 Mar 2024 17:49:06 -0600
Source: golang-google-protobuf
Architecture: source
Version: 1.33.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg-go@tracker.debian.org>
Changed-By: Anthony Fok <foka@debian.org>
Closes: 1065684
Changes:
 golang-google-protobuf (1.33.0-1) unstable; urgency=medium
 .
   * New upstream version 1.33.0
 .
     encoding/protojson, internal/encoding/json: handle missing object values
 .
     In internal/encoding/json, report an error when encountering a }
     when we are expecting an object field value. For example, the input
     `{"":}` now correctly results in an error at the closing } token.
 .
     In encoding/protojson, check for an unexpected EOF token in
     skipJSONValue. This is redundant with the check in
     internal/encoding/json, but adds a bit more defense against any
     other similar bugs that might exist.
 .
     Fixes CVE-2024-24786 (Closes: #1065684)
 .
   * DH_GOLANG_INSTALL_EXTRA: Update path to editions_defaults.binpb
     which was moved from reflect/protodesc/ to internal/editiondefaults/