On Fri, May 06, 2022 at 09:46:24AM +0100, Neil Williams wrote: > Source: google-oauth-client-java > Version: 1.28.0-2 > Severity: grave > Tags: security > Justification: user security hole > > Hi, > > The following vulnerability was published for google-oauth-client-java. > > CVE-2021-22573[0]: > > (SNIP) > > Fixed in upstream release 1.33.3 > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2021-22573 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22573 > > Please adjust the affected versions in the BTS as needed.
Upstream version 1.33.3 requires a minor update to the Debian packaging of google-http-client-java that I am working on now. I will upload a package for 1.33.3 in the next day or so. Cheers, tony
