CVE-2020-8903 CVE-2020-8907 CVE-2020-8933

Related Vulnerabilities: CVE-2020-8903   CVE-2020-8907   CVE-2020-8933  

Debian Bug report logs - #987353
CVE-2020-8903 CVE-2020-8907 CVE-2020-8933

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 22 Apr 2021 08:48:02 UTC

Severity: grave

Tags: security



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#987353; Package src:google-compute-image-packages. (Thu, 22 Apr 2021 08:48:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>. (Thu, 22 Apr 2021 08:48:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933
Date: Thu, 22 Apr 2021 10:45:09 +0200
Source: google-compute-image-packages
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

https://cloud.google.com/compute/docs/security-bulletins#2020619 seems unfixed
unstable/bullseye still.

Patches:	
https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29

Cheers,
        Moritz	
	



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cloud Team <debian-cloud@lists.debian.org>:
Bug#987353; Package src:google-compute-image-packages. (Thu, 22 Apr 2021 16:57:05 GMT)


Acknowledgement sent to Zach Marano <zmarano@google.com>:
Extra info received and forwarded to list. Copy sent to Debian Cloud Team <debian-cloud@lists.debian.org>. (Thu, 22 Apr 2021 16:57:05 GMT)


Message #10 received at 987353@bugs.debian.org:

From: Zach Marano <zmarano@google.com>
To: 987353@bugs.debian.org
Subject: Re: Bug#987353: CVE-2020-8903 CVE-2020-8907 CVE-2020-8933
Date: Thu, 22 Apr 2021 09:53:24 -0700

Hi, since this package was brought into Debian in ~2018, there have been
several transformations in the GCE guest software stack and thus the
current landscape is very different. Google doesn't actually maintain the
official Debian package and we're not sure who is, if anyone. The Google
provided packages are shipped separately and will override the Debian
package if you use them from our repositories. Please see either our Google
Cloud docs <https://cloud.google.com/compute/docs/images/guest-environment>
or github readme
<https://github.com/GoogleCloudPlatform/compute-image-packages> for info on
the packages we are maintaining and shipping for Debian systems and on the
base Google provided GCE Debian images. Unfortunately, we never did find a
DD sponsor to help maintain our guest packages in Debian on the cadence
that we needed. I would advocate for removing this package from Debian if
we can't find a set of maintainers.

-----
Zach Marano
zmarano@google.com


On Thu, Apr 22, 2021 at 1:48 AM Moritz Muehlenhoff <jmm@debian.org> wrote:

> Source: google-compute-image-packages
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
>
> https://cloud.google.com/compute/docs/security-bulletins#2020619 seems
> unfixed
> unstable/bullseye still.
>
> Patches:
> https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
>
> Cheers,
>         Moritz
>
>
>



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 23 08:07:42 2021; Machine Name: bembo
