Safety CI > jonaylor89/chronos

pyup-update-protobuf-3.17.3-to-4.21.11

2 years, 9 months ago

8ce4a355

Update protobuf from 3.17.3 to 4.21.11

No dependencies with known security vulnerabilities.

pyup-update-certifi-2021.5.30-to-2022.12.7

2 years, 9 months ago

4d1401ef

Update certifi from 2021.5.30 to 2022.12.7

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-chardet-4.0.0-to-5.1.0

2 years, 9 months ago

5b73580d

Update chardet from 4.0.0 to 5.1.0

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-google-auth-1.32.1-to-2.15.0

2 years, 9 months ago

dd55c286

Update google-auth from 1.32.1 to 2.15.0

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-google-api-core-1.31.0-to-2.11.0

2 years, 9 months ago

6a7ce33c

Update google-api-core from 1.31.0 to 2.11.0

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-protobuf-3.17.3-to-4.21.10

2 years, 9 months ago

4f7314c5

Update protobuf from 3.17.3 to 4.21.10

No dependencies with known security vulnerabilities.

pyup-update-google-api-python-client-2.12.0-to-2.68.0

2 years, 9 months ago

78949b90

Update google-api-python-client from 2.12.0 to 2.68.0

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-urllib3-1.26.6-to-1.26.13

2 years, 9 months ago

586066cc

Update urllib3 from 1.26.6 to 1.26.13

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-google-api-python-client-2.12.0-to-2.66.0

2 years, 9 months ago

4c30e480

Update google-api-python-client from 2.12.0 to 2.66.0

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-googleapis-common-protos-1.53.0-to-1.57.0

2 years, 10 months ago

31d66c99

Update googleapis-common-protos from 1.53.0 to 1.57.0

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-google-auth-1.32.1-to-2.14.1

2 years, 10 months ago

81a7d1dc

Update google-auth from 1.32.1 to 2.14.1

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-pytz-2021.1-to-2022.6

2 years, 10 months ago

8eccd181

Update pytz from 2021.1 to 2022.6

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-google-auth-1.32.1-to-2.14.0

2 years, 10 months ago

0ec65e06

Update google-auth from 1.32.1 to 2.14.0

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-httplib2-0.19.1-to-0.21.0

2 years, 10 months ago

9e75fceb

Update httplib2 from 0.19.1 to 0.21.0

protobuf 3.17.3 has known security vulnerabilities.

Package	Installed	Affected	Info
protobuf	3.17.3	<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6	show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
protobuf	3.17.3	<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1	show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

Package

Installed

Affected

Info

protobuf

3.17.3

<3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6

show

Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input.
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

protobuf

3.17.3

<4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1

show

Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit.

pyup-update-protobuf-3.17.3-to-4.21.9

2 years, 10 months ago

8197e101

Update protobuf from 3.17.3 to 4.21.9

No dependencies with known security vulnerabilities.