-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 29 Apr 2025 21:27:02 +0200 Source: protobuf Architecture: source Version: 3.21.12-11 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Closes: 1082381 Changes: protobuf (3.21.12-11) unstable; urgency=high . * Fix CVE-2024-7254: when parsing unknown fields in the Protobuf Java Lite and Full library, a maliciously crafted message can cause a StackOverflow error and lead to a program crash (closes: #1082381). Checksums-Sha1: 29a73fcff72f2a7f57f016360dc671b608a65009 3043 protobuf_3.21.12-11.dsc ffa01b91e66875c2cb5e12e63f8e264318d47e9b 37556 protobuf_3.21.12-11.debian.tar.xz Checksums-Sha256: 3edfb7884fd89d805e88b0a61b85a7339e50709d3575b28659ef21c5b8c5b686 3043 protobuf_3.21.12-11.dsc ee6e17387b4b53c1679d156cea20c6812c4dac50f07da533a63a15e24d58fc57 37556 protobuf_3.21.12-11.debian.tar.xz Files: 9f558845157ae9ce5cf9bdbf6af95086 3043 devel optional protobuf_3.21.12-11.dsc ff8c2ce41f561d0ad1ddae805f9280cd 37556 devel optional protobuf_3.21.12-11.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmgRQaYACgkQ3OMQ54ZM yL96Ag//bFWVtD9SqVnbwcF4vlHtCGewbz1uiHamFABPmhba3/JYgkiechlY3FNm L6bpV6h6XrEtLWEIWzsqdzJds3ZfyxH4iWMhWCHDieeap76EgQQuDI4nuA8eJ8GW 9WwKM2SZFYS0Hdsq7Sl3RNogPr6owS3w4psPzJ8PJlC3zTerBYu76BuO/cY1zTjw BJ7RcrUR0GM5lvhNGfxZ72jzqhN4xr9NZbCBj/e0aWvtLHP0vtrQXtG7Cdi1Gqxc SEECIPl4hjI2FcEiC9Mb1I1biWGq9fEfhWRUX7QAZKaRqfvbz4UL85qP+142C4Dc yNl/nZ5gUv5W0PzBZqcjC/qEFCpfmgDzJvv0axUQ5VxVF1zHUa3P0mEuUEOuxUMc r/otz/4d5f1U3bgnzRfM6Mr8GzIOtLlZrtUs0TF9uNzRaKNxRWnlJMmFKOE5hZJY iH8ve3vGqEgh1A5uYJXCOupXm4jusONcKUjgx2ZJDMResUld7dqBUcwpPXUVbqiY RdDKeBxT4Y4cP/8E5S/hWCRwGPnNSCxDDgWa+7cMFWBYH/bjT1Bk7tnrlKfZbpfF M2s+d4NECPFK0CvHe5Tu3FMTTccZGWQWzzngHERDxAa9QsZIJkK85A5SLpYyxvur sKbCqmNRhIOknfsL0gG5FL2viq09ZF0tyo8HNF0Oh2FSWHxWDvY= =Z6kc -----END PGP SIGNATURE-----