Re: Security fix in Protozero

To: Jochen Topf <jochen@remote.org>, debian-gis@lists.debian.org
Subject: Re: Security fix in Protozero
From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
Date: Wed, 16 Jul 2025 12:43:33 +0200
Message-id: <[🔎] 37804b93-bca0-4fee-8918-29c78893c89a@xs4all.nl>
In-reply-to: <[🔎] 20250716073113.7urxt7psasfy4rmb@arcadia.topf.org>
References: <[🔎] 20250716073113.7urxt7psasfy4rmb@arcadia.topf.org>

On 7/16/25 9:31 AM, Jochen Topf wrote:

Yesterday I released version 1.8.1 of protozero. It basically only
contains a security fix (buffer overrun). It would be good if we can get
this into Trixie.


Is there a CVE or other reference?

The commit [0] nor PR [1] mentioned these.

[0] https://github.com/mapbox/protozero/commit/72802a4ffe7fbf2fba75f316da4531d2561f7eea
[1] https://github.com/mapbox/protozero/pull/133

The way I am using protozero in my code (libosmium etc.) this bug can
not be triggered, but it might affect others.


The other rdeps of protozero in Debian are mapnik & qtlocation-opensource-src.

Kind Regards,

Bas

--
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Reply to:

Follow-Ups:
- Re: Security fix in Protozero
  - From: Jochen Topf <jochen@remote.org>

References:
- Security fix in Protozero
  - From: Jochen Topf <jochen@remote.org>

Prev by Date: Security fix in Protozero
Next by Date: Re: Security fix in Protozero
Previous by thread: Security fix in Protozero
Next by thread: Re: Security fix in Protozero
Index(es):
- Date
- Thread