Source: python3-grpc-tools
Version: 1.14.1-5
Tags: security
X-Debbugs-CC: secur...@debian.org
Hi,
while investigating #1030311, I discovered python3-grpc-tools
contains an old copy of the google protobuf library. In
third_party/protobuf.
This library is used to build, and obviously has old bugs like
https://github.com/protocolbuffers/protobuf/issues/3937 - from
2017/2018.
At the very least this should be registered with the code copy
registry and updated. IMO it would be better to use libprotobuf-dev
and libproto-c though.
Chris
