diff -Nru google-osconfig-agent-20230504.00/debian/changelog google-osconfig-agent-20230504.00/debian/changelog
--- google-osconfig-agent-20230504.00/debian/changelog 2024-01-18 06:59:25.000000000 +0000
+++ google-osconfig-agent-20230504.00/debian/changelog 2024-03-13 09:47:52.000000000 +0000
@@ -1,3 +1,16 @@
+google-osconfig-agent (20230504.00-0ubuntu2.2) mantic-security; urgency=medium
+
+ * SECURITY UPDATE: Denial of service
+ - debian/extra/vendor/googgle.golang.org/protobuf was
+ patched with a backport of f01a588e5810b90996452eec4a28f22a0afae023
+ in files encoding/protojson/well_known_types.go,
+ internal/encoding/json/decode.go.
+ - debian/extra/vendor adding patches-applied and README.txt for
+ track/documentation propose about patches applied in vendored sources.
+ - CVE-2024-24786
+
+ -- Leonidas Da Silva Barbosa Wed, 13 Mar 2024 06:47:52 -0300
+
 google-osconfig-agent (20230504.00-0ubuntu2.1) mantic-security; urgency=medium
 
 * No change rebuild due to golang-1.20, golang-1.21 updates
diff -Nru google-osconfig-agent-20230504.00/debian/extra/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go google-osconfig-agent-20230504.00/debian/extra/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go
--- google-osconfig-agent-20230504.00/debian/extra/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go 2023-05-25 09:40:30.000000000 +0000
+++ google-osconfig-agent-20230504.00/debian/extra/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go 2024-03-13 09:47:28.000000000 +0000
@@ -328,6 +328,10 @@
 if err := d.skipJSONValue(); err != nil {
 return err
 }
+ case json.EOF:
+ // This can only happen if there's a bug in Decoder.Read.
+ // Avoid an infinite loop if this does happen.
+ return errors.New("unexpected EOF")
 }
 }
 
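Review bot: No test accompanies the three `case json.EOF` guards added to skipJSONValue (this hunk and the ones at -341 and -348), so nothing visible in this upload would notice if a later refresh of debian/extra/vendor dropped them again. The recorded patch description names `{"":}` as the input that must now be rejected; a small build-time or autopkgtest check that decodes that value and asserts a non-nil error would pin both these guards and the Read() change in internal/encoding/json/decode.go. The guards themselves read correctly as a fallback, since each returns an error instead of going round again on an EOF token. skipJSONValue starts and ends outside these hunks, so the loop headers could not be checked here.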
@@ -341,6 +345,10 @@
 case json.ArrayClose:
 d.Read()
 return nil
+ case json.EOF:
+ // This can only happen if there's a bug in Decoder.Read.
+ // Avoid an infinite loop if this does happen.
+ return errors.New("unexpected EOF")
 default:
 // Skip array item.
 if err := d.skipJSONValue(); err != nil {
@@ -348,6 +356,10 @@
 }
 }
 }
+ case json.EOF:
+ // This can only happen if there's a bug in Decoder.Read.
+ // Avoid an infinite loop if this does happen.
+ return errors.New("unexpected EOF")
 }
 return nil
 }
diff -Nru google-osconfig-agent-20230504.00/debian/extra/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go google-osconfig-agent-20230504.00/debian/extra/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go
--- google-osconfig-agent-20230504.00/debian/extra/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go 2023-05-25 09:40:30.000000000 +0000
+++ google-osconfig-agent-20230504.00/debian/extra/vendor/google.golang.org/protobuf/internal/encoding/json/decode.go 2024-03-13 09:47:28.000000000 +0000
@@ -121,7 +121,7 @@
 
 case ObjectClose:
 if len(d.openStack) == 0 ||
- d.lastToken.kind == comma ||
+ d.lastToken.kind&(Name|comma) != 0 ||
 d.openStack[len(d.openStack)-1] != ObjectOpen {
 return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
 }
diff -Nru google-osconfig-agent-20230504.00/debian/extra/vendor/patches-applied/README.txt google-osconfig-agent-20230504.00/debian/extra/vendor/patches-applied/README.txt
--- google-osconfig-agent-20230504.00/debian/extra/vendor/patches-applied/README.txt 1970-01-01 00:00:00.000000000 +0000
+++ google-osconfig-agent-20230504.00/debian/extra/vendor/patches-applied/README.txt 2024-03-13 09:47:52.000000000 +0000
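Review bot: The new condition `d.lastToken.kind&(Name|comma) != 0` in the ObjectClose case of internal/encoding/json/decode.go only works if `Name` and `comma` are distinct single-bit kind values. Their declarations are outside the hunk, so that should be confirmed for this vendored version rather than assumed from upstream. A one-line comment above the `if` would also help the next person auditing the vendored copy, for example `// A '}' directly after a field name (as in {"":}) or a comma is a syntax error.` Read() starts and ends outside the hunk.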
@@ -0,0 +1 @@
+These patches have been applied to the vendored source
diff -Nru google-osconfig-agent-20230504.00/debian/extra/vendor/patches-applied/protobuf-CVE-2024-24786.patch google-osconfig-agent-20230504.00/debian/extra/vendor/patches-applied/protobuf-CVE-2024-24786.patch
--- google-osconfig-agent-20230504.00/debian/extra/vendor/patches-applied/protobuf-CVE-2024-24786.patch 1970-01-01 00:00:00.000000000 +0000
+++ google-osconfig-agent-20230504.00/debian/extra/vendor/patches-applied/protobuf-CVE-2024-24786.patch 2024-03-13 09:47:52.000000000 +0000
@@ -0,0 +1,73 @@
+Backport of :
+
+From f01a588e5810b90996452eec4a28f22a0afae023 Mon Sep 17 00:00:00 2001
+From: Damien Neil
+Date: Tue, 05 Mar 2024 08:54:24 -0800
+Subject: [PATCH] encoding/protojson, internal/encoding/json: handle missing object values
+
+In internal/encoding/json, report an error when encountering a }
+when we are expecting an object field value. For example, the input
+`{"":}` now correctly results in an error at the closing } token.
+
+In encoding/protojson, check for an unexpected EOF token in
+skipJSONValue. This is redundant with the check in internal/encoding/json,
+but adds a bit more defense against any other similar bugs that
+might exist.
+
+Fixes CVE-2024-24786
+
+Change-Id: I03d52512acb5091c8549e31ca74541d57e56c99d
+Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/569356
+TryBot-Bypass: Damien Neil
+Reviewed-by: Roland Shoemaker
+Commit-Queue: Damien Neil
+diff --git a/encoding/protojson/well_known_types.go b/encoding/protojson/well_known_types.go
+index c85f846..08bc470 100644
+--- a/encoding/protojson/well_known_types.go
++++ b/encoding/protojson/well_known_types.go
+@@ -328,6 +328,10 @@ func (d decoder) skipJSONValue() error {
+ if err := d.skipJSONValue(); err != nil {
+ return err
+ }
++ case json.EOF:
++ // This can only happen if there's a bug in Decoder.Read.
++ // Avoid an infinite loop if this does happen.
++ return errors.New("unexpected EOF")
+ }
+ }
+
+@@ -341,6 +345,10 @@ func (d decoder) skipJSONValue() error {
+ case json.ArrayClose:
+ d.Read()
+ return nil
++ case json.EOF:
++ // This can only happen if there's a bug in Decoder.Read.
++ // Avoid an infinite loop if this does happen.
++ return errors.New("unexpected EOF")
+ default:
+ // Skip array item.
+ if err := d.skipJSONValue(); err != nil {
+@@ -348,6 +356,10 @@ func (d decoder) skipJSONValue() error {
+ }
+ }
+ }
++ case json.EOF:
++ // This can only happen if there's a bug in Decoder.Read.
++ // Avoid an infinite loop if this does happen.
++ return errors.New("unexpected EOF")
+ }
+ return nil
+ }
+diff --git a/internal/encoding/json/decode.go b/internal/encoding/json/decode.go
+index b13fd29..b2be4e8 100644
+--- a/internal/encoding/json/decode.go
++++ b/internal/encoding/json/decode.go
+@@ -121,7 +121,7 @@ func (d *Decoder) Read() (Token, error) {
+
+ case ObjectClose:
+ if len(d.openStack) == 0 ||
+- d.lastToken.kind == comma ||
++ d.lastToken.kind&(Name|comma) != 0 ||
+ d.openStack[len(d.openStack)-1] != ObjectOpen {
+ return Token{}, d.newSyntaxError(tok.pos, unexpectedFmt, tok.RawString())
+ }