Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.java > #12205

Release Critical Security Bug in Bazel Dependency

Path csiph.com!eternal-september.org!reader02.eternal-september.org!aioe.org!bofh.it!news.nic.it!robomod
From Olek Wojnar <olek@debian.org>
Newsgroups linux.debian.maint.java
Subject Release Critical Security Bug in Bazel Dependency
Date Sun, 30 May 2021 18:40:01 +0200
Message-ID <CkwDL-8rs-3@gated-at.bofh.it> (permalink)
X-Original-To Debian Bazel Discussion List <debian-bazel@lists.debian.org>
X-Mailbox-Line From debian-java-request@lists.debian.org Sun May 30 16:32:42 2021
Old-Return-Path <olekw.dev@gmail.com>
X-Amavis-Spam-Status No, score=-11.5 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=ham autolearn_force=no
X-Policyd-Weight using cached result; rate: -5.5
X-Gm-Message-State AOAM5322BmSQTrGqfDOcoxUaCSzeTsxnpHiBqRR4/MeVwgb/li1RTbPH 7Baa5/jnUIAj1QOInTUtUyhl0+wE3MYHIw==
X-Google-SMTP-Source ABdhPJx3vF7z7FrS8aUzzHLRYYYzEtVNnM0Oh9vooZ/XpatPhbMzZc3/G9kmCFPhPJS2YFeUcYpi7Q==
X-Received by 2002:a37:5c84:: with SMTP id q126mr13120176qkb.21.1622392345715; Sun, 30 May 2021 09:32:25 -0700 (PDT)
User-Agent Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1
MIME-Version 1.0
Content-Type multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="SWFPYjxFMQBxob4J2qEBNWYBZ6skTLmZS"
X-Mailing-List <debian-java@lists.debian.org> archive/latest/22833
List-ID <debian-java.lists.debian.org>
List-URL <https://lists.debian.org/debian-java/>
List-Archive https://lists.debian.org/msgid-search/ec72d35a-6506-ea07-e6b7-28c5b6b73537@debian.org
Approved robomod@news.nic.it
Lines 53
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Cc debian-java@lists.debian.org
X-Original-Date Sun, 30 May 2021 12:32:24 -0400
X-Original-Message-ID <ec72d35a-6506-ea07-e6b7-28c5b6b73537@debian.org>
Xref csiph.com linux.debian.maint.java:12205

Show key headers only | View raw

[Multipart message — attachments visible in raw view] - view raw

Debian Bazel Team,

It just came to my attention that there is a Release Critical Security
Bug against the google-oauth-client-java package. [1] If not fixed
quickly, this will result in the removal of that package as well as its
dependencies (google-api-client-java and bazel-bootstrap). Fixing this
is now my #1 priority. I'll update this list with progress.


-Olek

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944

Back to linux.debian.maint.java | Previous | NextNext in thread | Find similar

Thread

Release Critical Security Bug in Bazel Dependency Olek Wojnar <olek@debian.org> - 2021-05-30 18:40 +0200
  Re: Release Critical Security Bug in Bazel Dependency Yun Peng <pcloudy@google.com> - 2021-05-31 10:40 +0200

csiph-web