
Bug#989313: marked as done (unblock: google-oauth-client-java/1.28.0-2)



Your message dated Tue, 01 Jun 2021 22:38:54 +0000
with message-id <E1loD2E-0003xK-Uy@respighi.debian.org>
and subject line unblock google-oauth-client-java
has caused the Debian Bug report #989313,
regarding unblock: google-oauth-client-java/1.28.0-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
989313: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989313
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear Release Team,

Please unblock package google-oauth-client-java

[ Reason ]
Backport of fix for RC security issue (CVE-2020-7692)
https://security-tracker.debian.org/tracker/CVE-2020-7692
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944

[ Impact ]
Security issue in bullseye or the removal of the entire Bazel build system.

[ Tests ]
The bazel-bootstrap package has a comprehensive test suite that uses the
code in this package and therefore indirectly tests it. Also, please see
next section.

[ Risks ]
Two packages build-depend on this package (google-api-client-java and
bazel-bootstrap). I have built and tested both of them locally against the
new version of this package and they both build and test correctly.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
This upload includes a VCS commit from tony mancill which corrects a
previously-undeclared build dependency from his 1.28.0-1 packaging. It is a
trivial QC change and, as you can see in the debdiff, over 99% of this
upload is a backport of the upstream fix for this security vulnerability.

Also, this is my first security bug so please let me know if I'm missing
anything in the process! Thanks!

-Olek

Attachment: google-oauth-client-java.debdiff
Description: Binary data

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---
