[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#987353: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933

Hi, since this package was brought into Debian in ~2018, there have been several transformations in the GCE guest software stack and thus the current landscape is very different. Google doesn't actually maintain the official Debian package and we're not sure who is, if anyone. The Google provided packages are shipped separately and will override the Debian package if you use them from our repositories. Please see either our Google Cloud docs or github readme for info on the packages we are maintaining and shipping for Debian systems and on the base Google provided GCE Debian images. Unfortunately, we never did find a DD sponsor to help maintain our guest packages in Debian on the cadence that we needed. I would advocate for removing this package from Debian if we can't find a set of maintainers.

Zach Marano

On Thu, Apr 22, 2021 at 1:48 AM Moritz Muehlenhoff <jmm@debian.org> wrote:
Source: google-compute-image-packages
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

https://cloud.google.com/compute/docs/security-bulletins#2020619 seems unfixed
unstable/bullseye still.



Reply to: