Bug#987353: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933
Hi, since this package was brought into Debian in ~2018, there have been several transformations in the GCE guest software stack and thus the current landscape is very different. Google doesn't actually maintain the official Debian package and we're not sure who is, if anyone. The Google provided packages are shipped separately and will override the Debian package if you use them from our repositories. Please see either our Google Cloud docs
or github readme
for info on the packages we are maintaining and shipping for Debian systems and on the base Google provided GCE Debian images. Unfortunately, we never did find a DD sponsor to help maintain our guest packages in Debian on the cadence that we needed. I would advocate for removing this package from Debian if we can't find a set of maintainers.