Comment 7 for bug 1956617

Mark Esler (eslerm) wrote:

There are two open security vulnerabilities for protobuf-c [0][1] and each has a pull request [2][3]. One is designated CVE-2022-33070.

protobuf-c is used in sudo and sudo's maintainer has reviewed or created the pull requests.

On the protobuf-c mailing list I requested a release for vulnerability fixes [4].

[0] https://github.com/protobuf-c/protobuf-c/issues/499
[1] https://github.com/protobuf-c/protobuf-c/issues/506
[2] https://github.com/protobuf-c/protobuf-c/pull/500
[3] https://github.com/protobuf-c/protobuf-c/pull/508
[4] https://groups.google.com/g/protobuf-c/c/LCNHAGPkk60