[ubuntu/questing-proposed] protobuf 3.21.12-11ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jul 7 19:01:15 UTC 2025 

protobuf (3.21.12-11ubuntu1) questing; urgency=medium

  * SECURITY UPDATE: DoS via python recursion limit
    - debian/patches/CVE-2025-4565.patch: add recursion depth limits to
      python/google/protobuf/internal/decoder.py,
      python/google/protobuf/internal/decoder_test.py,
      python/google/protobuf/internal/message_test.py,
      python/google/protobuf/internal/python_message.py,
      python/google/protobuf/internal/self_recursive.proto,
      python/setup.py.
    - CVE-2025-4565

Date: Mon, 07 Jul 2025 13:55:00 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/protobuf/3.21.12-11ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Jul 2025 13:55:00 -0400
Source: protobuf
Built-For-Profiles: noudeb
Architecture: source
Version: 3.21.12-11ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 protobuf (3.21.12-11ubuntu1) questing; urgency=medium
 .
   * SECURITY UPDATE: DoS via python recursion limit
     - debian/patches/CVE-2025-4565.patch: add recursion depth limits to
       python/google/protobuf/internal/decoder.py,
       python/google/protobuf/internal/decoder_test.py,
       python/google/protobuf/internal/message_test.py,
       python/google/protobuf/internal/python_message.py,
       python/google/protobuf/internal/self_recursive.proto,
       python/setup.py.
     - CVE-2025-4565
Checksums-Sha1:
 fdec6647e38165fe35defcd0eae00f08fec835f4 3150 protobuf_3.21.12-11ubuntu1.dsc
 cdba6d53128bdae72c531162901d972da77015ea 40784 protobuf_3.21.12-11ubuntu1.debian.tar.xz
 4551d15c633630959743d105301c67214dbaf678 10129 protobuf_3.21.12-11ubuntu1_source.buildinfo
Checksums-Sha256:
 cb6f5d21cd7ba2d20f31456fd0b521f42706b6a94d3bca7071a2cc5550797616 3150 protobuf_3.21.12-11ubuntu1.dsc
 8ef859401ac8abd67bccedb2507924f4fdad42af928c7bd77e5d9fe77107a329 40784 protobuf_3.21.12-11ubuntu1.debian.tar.xz
 8c47e6d23fead52d35e85f8e239841bb2ef3fef9274357da6b7f8e0a61cf30c5 10129 protobuf_3.21.12-11ubuntu1_source.buildinfo
Files:
 89db1ee6f298de95d664cac4873e74e7 3150 devel optional protobuf_3.21.12-11ubuntu1.dsc
 a3b7c91289fd8b98cfa8efd43aac26e3 40784 devel optional protobuf_3.21.12-11ubuntu1.debian.tar.xz
 83ba6cf067d3e39762766e303636a0b7 10129 devel optional protobuf_3.21.12-11ubuntu1_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs at debian.org>

More information about the Questing-changes mailing list