Your message dated Mon, 31 May 2021 01:48:37 +0000
with message-id <[email protected]>
and subject line Bug#988944: fixed in google-oauth-client-java 1.28.0-2
has caused the Debian Bug report #988944,
regarding CVE-2020-7692
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
988944: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988944
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: google-oauth-client-java
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>
CVE-2020-7692:
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276
https://github.com/googleapis/google-oauth-java-client/issues/469
https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: google-oauth-client-java
Source-Version: 1.28.0-2
Done: Olek Wojnar <[email protected]>
We believe that the bug you reported is fixed in the latest version of
google-oauth-client-java, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Olek Wojnar <[email protected]> (supplier of updated google-oauth-client-java
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 May 2021 14:13:21 -0400
Source: google-oauth-client-java
Architecture: source
Version: 1.28.0-2
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Olek Wojnar <[email protected]>
Closes: 988944
Changes:
google-oauth-client-java (1.28.0-2) unstable; urgency=high
.
[ tony mancill ]
* Correct typo in changelog for 1.28.0-1.
The previous upload closed bug 975846, not 975842.
* Add B-D on libgrpc-java. (See: #977038)
[ Olek Wojnar ]
* Cherrypick upstream commit to fix CVE-2020-7692 (Closes: #988944)
Checksums-Sha1:
e799ca52cbe0ea10c67959b1218b9b6f4458aea7 2225
google-oauth-client-java_1.28.0-2.dsc
51d23490bb79395a801c5a66665748fef74302e1 8640
google-oauth-client-java_1.28.0-2.debian.tar.xz
89d9271fae69401fd78c80b5568f3ce23012a7a5 12713
google-oauth-client-java_1.28.0-2_amd64.buildinfo
Checksums-Sha256:
930b388387400c1a317aceae0e91403a15892a0af726de4ebb762a11948634bd 2225
google-oauth-client-java_1.28.0-2.dsc
bb2ba7707660b79529b35c98a88c8bfafbe9d46caed3701d0b1325daeaa036c4 8640
google-oauth-client-java_1.28.0-2.debian.tar.xz
5924c2faad37aa3adcc679173e814c56f3e6fc0c96b145b438d9d3799b826f04 12713
google-oauth-client-java_1.28.0-2_amd64.buildinfo
Files:
5632861cc072378441bbb1bf834b8e78 2225 java optional
google-oauth-client-java_1.28.0-2.dsc
c72dd58f6c7d0e77d9825765b5b1290d 8640 java optional
google-oauth-client-java_1.28.0-2.debian.tar.xz
c1a16f9865793327ab6e3cb25fa40cae 12713 java optional
google-oauth-client-java_1.28.0-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEELejiDiSiH9jtG0ynfYPUBqCdweQFAmC0O0EACgkQfYPUBqCd
weSw2A//SahhPnwL0qkz/wyf4SIYuINCSd7LpK9pijXzukLxuXx2x/vzZpL66jdg
eFFrHTYSsG87BpwHLqDuQLxJeaEcKNkA/ffuhLkjeQq/d1gZ38yB5QUBpzRQzVlB
1vrVLzg2SHH7o1Was0uAOAjUafXhyracj8ZepxXhzcES0q+napjPyDGHC9Nb7IU7
F736llKZ4XkbhIjo7SnNa6ztoMr4YsEhnwi0w4v5lt/qJwkcBvUoB/qa43adtrcu
4KRB+GjsCKiMCf2jAllh2t6f0nWHrdeLtqRkTFfmsPWN4wCmKEopxhVny30WMMGC
dD6la0Gvo7DV5l65TXqx4odhDKI024cwrDs0CdS3CQe0em/TY/g2UgpnF43k4Scn
AfiMTdmEezHNBnuUSrAUe0CmaFgcxQ8MGDZ/kccz3A+79PnyUMBjoBeIA2BoRPC2
H4U4ch+BFmZsivRJpYbftRPdDMSa6YvtG9mIi18nmfrVY6w7LZW0YaEYzcc7NZTF
QwyKW4UpVuaxu9tzlC8hAPfAjir34xNfl2nowXhoFP/tvP0WJugXmSoEyygV9htc
/RsSadl5OgwwhyFnMc8K+Ri+360U0kMDTAwe3MMnGmxBgOhux8CPn3CT9onYxnR0
+ZunGguvbr6MxMbolYtLNBrWoocI01ZUxnxXFBN+YbNnyvx5osA=
=tWr9
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
