Forum: >>> Magnum BBS <<<

Bug#1103767: python3-grpc-tools: embeds and uses outdated protobuf libr

From Chris Hofstaedtler@21:1/5 to All on Mon Apr 21 14:00:01 2025

Source: python3-grpc-tools
Version: 1.14.1-5
Tags: security
X-Debbugs-CC: security@debian.org

Hi,

while investigating #1030311, I discovered python3-grpc-tools
contains an old copy of the google protobuf library. In
third_party/protobuf.

This library is used to build, and obviously has old bugs like https://github.com/protocolbuffers/protobuf/issues/3937 - from
2017/2018.

At the very least this should be registered with the code copy
registry and updated. IMO it would be better to use libprotobuf-dev
and libproto-c though.

Chris

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	482
Nodes:	16 (2 / 14)
Uptime:	47:35:51
Calls:	9,566
Files:	13,659
Messages:	6,142,212