Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12206
| Path | csiph.com!eternal-september.org!reader02.eternal-september.org!aioe.org!bofh.it!news.nic.it!robomod |
|---|---|
| From | Yun Peng <pcloudy@google.com> |
| Newsgroups | linux.debian.maint.java |
| Subject | Re: Release Critical Security Bug in Bazel Dependency |
| Date | Mon, 31 May 2021 10:40:02 +0200 |
| Message-ID | <CkLCO-BQ-5@gated-at.bofh.it> (permalink) |
| References | <CkwDL-8rs-3@gated-at.bofh.it> |
| X-Mailbox-Line | From debian-java-request@lists.debian.org Mon May 31 08:33:09 2021 |
| Old-Return-Path | <pcloudy@google.com> |
| X-Amavis-Spam-Status | No, score=-12.701 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=2, LDO_WHITELIST=-5, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=no autolearn_force=no |
| X-Policyd-Weight | NOT_IN_SBL_XBL_SPAMHAUS=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .google. - helo: .mail-lf1-x135.google. - helo-domain: .google.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -5.5 |
| X-Gm-Message-State | AOAM531frfoDOMADg9FOcSx1JhskqaI/hZSXev7oskW4I2F6Np2qBCpR D23vGKqcBsY0VlVc6oEzGqSJLrjDx5QfJQr03Z82BA== |
| X-Google-SMTP-Source | ABdhPJytbFta8ZxWED3xc5RgG/PpU4MBKpA4numQF8k7wXEMvpsqzaTbn0oHZJGw7PMJQxp+rEcIUu3h8bzWptsxt1w= |
| X-Received | by 2002:a05:6512:3d91:: with SMTP id k17mr13260731lfv.282.1622449061848; Mon, 31 May 2021 01:17:41 -0700 (PDT) |
| MIME-Version | 1.0 |
| Content-Type | multipart/alternative; boundary="000000000000ffd8fa05c39bdbc5" |
| X-Mailing-List | <debian-java@lists.debian.org> archive/latest/22834 |
| List-ID | <debian-java.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-java/> |
| List-Archive | https://lists.debian.org/msgid-search/CAOZBPs62t4g_WvCUW-F32apO5qyKbykTBE+CztOOkMxGFa3Veg@mail.gmail.com |
| Approved | robomod@news.nic.it |
| Lines | 57 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Cc | Debian Bazel Discussion List <debian-bazel@lists.debian.org>, debian-java@lists.debian.org |
| X-Original-Date | Mon, 31 May 2021 10:17:30 +0200 |
| X-Original-Message-ID | <CAOZBPs62t4g_WvCUW-F32apO5qyKbykTBE+CztOOkMxGFa3Veg@mail.gmail.com> |
| X-Original-References | <ec72d35a-6506-ea07-e6b7-28c5b6b73537@debian.org> |
| Xref | csiph.com linux.debian.maint.java:12206 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
Thanks, Olek! Looks like the bug is fixed in the latest release of google-oauth-client. Does this mean we just need to upgrade its version in Debian? Please let me know if I can help with anything! On Sun, May 30, 2021 at 6:32 PM Olek Wojnar <olek@debian.org> wrote: > Debian Bazel Team, > > It just came to my attention that there is a Release Critical Security > Bug against the google-oauth-client-java package. [1] If not fixed > quickly, this will result in the removal of that package as well as its > dependencies (google-api-client-java and bazel-bootstrap). Fixing this > is now my #1 priority. I'll update this list with progress. > > > -Olek > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944 > >
Back to linux.debian.maint.java | Previous | Next — Previous in thread | Find similar
Release Critical Security Bug in Bazel Dependency Olek Wojnar <olek@debian.org> - 2021-05-30 18:40 +0200 Re: Release Critical Security Bug in Bazel Dependency Yun Peng <pcloudy@google.com> - 2021-05-31 10:40 +0200
csiph-web