golang-google-protobuf (1.33.0-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/go-team/packages/golang-google-protobuf.git
-
- Branch: debian/sid
- Path: debian/changelog
- Repo size: 593920
- Browser: https://salsa.debian.org/go-team/packages/golang-google-protobuf
- Last scan: 2024-10-06 17:01:03+00
- Next scan: 2024-10-14 12:54:00+00
- CI pipeline status: success
- Debian changelog in Git:
golang-google-protobuf (1.33.0-1) unstable; urgency=medium
* New upstream version 1.33.0
encoding/protojson, internal/encoding/json: handle missing object values
In internal/encoding/json, report an error when encountering a }
when we are expecting an object field value. For example, the input
`{"":}` now correctly results in an error at the closing } token.
In encoding/protojson, check for an unexpected EOF token in
skipJSONValue. This is redundant with the check in internal/encoding/json,
but adds a bit more defense against any other similar bugs that
might exist.
Fixes CVE-2024-24786 (Closes: #1065684)
* DH_GOLANG_INSTALL_EXTRA: Update path to editions_defaults.binpb
which was moved from reflect/protodesc/ to internal/editiondefaults/
-- Anthony Fok <foka@debian.org> Tue, 26 Mar 2024 17:49:06 -0600
- This branch is even with tag debian/1.33.0-1