| Release | Version |
|---|---|
| buster | 3.6.1.3-2 |
| buster (security) | 3.6.1.3-2+deb10u1 |
| bullseye | 3.12.4-1+deb11u1 |
| bookworm | 3.21.12-3 |
| trixie | 3.21.12-8 |
| sid | 3.21.12-8 |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2022-3510 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ... |
| CVE-2022-3509 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A parsing issue similar to CVE-2022-3171, but with textformat in proto ... |
| CVE-2022-3171 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A parsing issue with binary data in protobuf-java core and lite versio ... |
| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2015-5237 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | protobuf allows remote authenticated attackers to cause a heap-based b ... |
| Bug | Description |
|---|---|
| CVE-2022-1941 | A parsing vulnerability for the MessageSet type in the ProtocolBuffers ... |
| CVE-2021-22570 | Nullptr dereference when a null char is present in a proto symbol. The ... |
| CVE-2021-22569 | An issue in protobuf-java allowed the interleaving of com.google.proto ... |
| DSA / DLA | Description |
|---|---|
| DLA-3393-1 | protobuf - security update |