Your message dated Tue, 01 Jun 2021 22:38:54 +0000 with message-id <E1loD2E-0003xK-Uy@respighi.debian.org> and subject line unblock google-oauth-client-java has caused the Debian Bug report #989313, regarding unblock: google-oauth-client-java/1.28.0-2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 989313: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989313 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: google-oauth-client-java/1.28.0-2
- From: Olek Wojnar <olek@debian.org>
- Date: Mon, 31 May 2021 16:13:54 -0400
- Message-id: <b1dec6d9-e36f-6c6e-d1a5-22a26cf94f7f@debian.org>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Dear Release Team, Please unblock package google-oauth-client-java [ Reason ] Backport of fix for RC security issue (CVE-2020-7692) https://security-tracker.debian.org/tracker/CVE-2020-7692 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944 [ Impact ] Security issue in bullseye or the removal of the entire Bazel build system. [ Tests ] The bazel-bootstrap package has a comprehensive test suite that uses the code in this package and therefore indirectly tests it. Also, please see next section. [ Risks ] Two packages build-depend on this package (google-api-client-java and bazel-bootstrap). I have built and tested both of them locally against the new version of this package and they both build and test correctly. [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] This upload includes a VCS commit from tony mancill which corrects a previously-undeclared build dependency from his 1.28.0-1 packaging. It is a trivial QC change and, as you can see in the debdiff, over 99% of this upload is a backport of the upstream fix for this security vulnerability. Also, this is my first security bug so please let me know if I'm missing anything in the process! Thanks! -OlekAttachment: google-oauth-client-java.debdiff
Description: Binary dataAttachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- To: 989313-done@bugs.debian.org
- Subject: unblock google-oauth-client-java
- From: Sebastian Ramacher <sramacher@respighi.debian.org>
- Date: Tue, 01 Jun 2021 22:38:54 +0000
- Message-id: <E1loD2E-0003xK-Uy@respighi.debian.org>
Unblocked.
--- End Message ---