Re: Release Critical Security Bug in Bazel Dependency

To: Olek Wojnar <olek@debian.org>
Cc: Debian Bazel Discussion List <debian-bazel@lists.debian.org>, debian-java@lists.debian.org
Subject: Re: Release Critical Security Bug in Bazel Dependency
From: Yun Peng <pcloudy@google.com>
Date: Mon, 31 May 2021 10:17:30 +0200
Message-id: <[🔎] CAOZBPs62t4g_WvCUW-F32apO5qyKbykTBE+CztOOkMxGFa3Veg@mail.gmail.com>
In-reply-to: <[🔎] ec72d35a-6506-ea07-e6b7-28c5b6b73537@debian.org>
References: <[🔎] ec72d35a-6506-ea07-e6b7-28c5b6b73537@debian.org>

Thanks, Olek!

Looks like the bug is fixed in the latest release of google-oauth-client. Does this mean we just need to upgrade its version in Debian?

Please let me know if I can help with anything!

On Sun, May 30, 2021 at 6:32 PM Olek Wojnar <olek@debian.org> wrote:

Debian Bazel Team,

It just came to my attention that there is a Release Critical Security
Bug against the google-oauth-client-java package. [1] If not fixed
quickly, this will result in the removal of that package as well as its
dependencies (google-api-client-java and bazel-bootstrap). Fixing this
is now my #1 priority. I'll update this list with progress.

-Olek

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944

Reply to:

Follow-Ups:
- Re: Release Critical Security Bug in Bazel Dependency
  - From: Olek Wojnar <olek@debian.org>

References:
- Release Critical Security Bug in Bazel Dependency
  - From: Olek Wojnar <olek@debian.org>

Prev by Date: Release Critical Security Bug in Bazel Dependency
Next by Date: Re: Release Critical Security Bug in Bazel Dependency
Previous by thread: Release Critical Security Bug in Bazel Dependency
Next by thread: Re: Release Critical Security Bug in Bazel Dependency
Index(es):
- Date
- Thread