google-oauth-client-java - Debian Package Tracker

general

source: google-oauth-client-java (main)
version: 1.28.0-1
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Andreas Tille [DMD] – Olek Wojnar [DMD]
arch: all
std-ver: 4.5.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

testing: 1.28.0-1
unstable: 1.28.0-1

versioned links

1.28.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libgoogle-oauth-client-java

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2020-7692: PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.

Created: 2021-02-19 Last update: 2021-03-21 19:04

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2020-7692: PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.

Created: 2021-02-19 Last update: 2021-03-21 19:04

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2021-03-30 Last update: 2021-04-18 23:04

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.28.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 77e8a8739bdd5cb95a764451f1289fa5b3d575a4
Author: tony mancill <tmancill@debian.org>
Date:   Sat Dec 12 20:22:32 2020 -0800

    interim changelog

commit 2e95426aaa1b587171f6e89b64a6753601c95dfe
Author: tony mancill <tmancill@debian.org>
Date:   Sat Dec 12 20:20:07 2020 -0800

    Add B-D on libgrpc-java.  (See: #977038)

commit 376bf483e2c159694e2f952343e70b82167fed32
Author: tony mancill <tmancill@debian.org>
Date:   Sat Nov 28 20:37:57 2020 -0800

    interim changelog

Created: 2020-11-29 Last update: 2021-04-15 18:41

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2021-01-27 Last update: 2021-01-27 03:02

news

[rss feed]

[2020-12-04] google-oauth-client-java 1.28.0-1 MIGRATED to testing (Debian testing watch)
[2020-11-29] Accepted google-oauth-client-java 1.28.0-1 (source) into unstable (tony mancill)
[2020-11-08] google-oauth-client-java 1.27.0-1 MIGRATED to testing (Debian testing watch)
[2020-08-09] google-oauth-client-java REMOVED from testing (Debian testing watch)
[2020-06-24] google-oauth-client-java 1.27.0-1 MIGRATED to testing (Debian testing watch)
[2020-06-18] Accepted google-oauth-client-java 1.27.0-1 (source) into unstable (Olek Wojnar)
[2020-06-18] Accepted google-oauth-client-java 1.27.0-1~exp1 (source all) into experimental, experimental (Debian FTP Masters) (signed by: Olek Wojnar)

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 1)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.28.0-1