Debian Protobuf-C vulnerabilities

CVE-2022-33070 [MEDIUM] CVE-2022-33070: protobuf-c - Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the ... Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.4.1-1) bullseye: open forky: resolved (fixed in 1.4.1-1) sid: resolved (fixed in 1.

CVE-2022-48468 [MEDIUM] CVE-2022-48468: libsignal-protocol-c - protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_membe... protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. Scope: local bookworm: resolved (fixed in 2.3.3-3) bullseye: open forky: resolved (fixed in 2.3.3-3) sid: resolved (fixed in 2.3.3-3) trixie: resolved (fixed in 2.3.3-3)