Summary: | <www-apps/nextcloud-{16.0.9,17.0.5,18.0.3}: Multiple vulnerabilities (CVE-2020-{8138,8139}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | voyageur, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2020-03-21 00:04:00 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8effbb3d50baff2d4f495b5e7394263138c7d582 commit 8effbb3d50baff2d4f495b5e7394263138c7d582 Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2020-03-25 22:49:19 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2020-03-25 22:49:41 +0000 www-apps/nextcloud: drop vulnerable versions Bug: https://bugs.gentoo.org/713724 Package-Manager: Portage-2.3.96, Repoman-2.3.21 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> www-apps/nextcloud/Manifest | 3 --- www-apps/nextcloud/nextcloud-16.0.8.ebuild | 41 ------------------------------ www-apps/nextcloud/nextcloud-17.0.3.ebuild | 41 ------------------------------ www-apps/nextcloud/nextcloud-18.0.1.ebuild | 41 ------------------------------ 4 files changed, 126 deletions(-) @ maintainer(s): Please update to >=18.0.3, >=17.0.5, too. These are out-of-band security releases... No further information available yet, > As a matter of policy, we don’t give details about security fixes until < 2 weeks after release because that gives the Bad Folks tips on how to < exploit them. In 2 weeks, we will have published security advisories > with impact analysis on https://nextcloud.com/security/ 1 as usual. https://help.nextcloud.com/t/is-update-to-18-03-real/74909/25 Ack, these new releases are on https://nextcloud.com/changelog/ now too. Quick testing and update in progress The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af744194eb8c0bac0db8d8a4ee91aa8ecb2493fd commit af744194eb8c0bac0db8d8a4ee91aa8ecb2493fd Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2020-03-26 00:50:04 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2020-03-26 00:50:23 +0000 www-apps/nextcloud: 18.0.3, 17.0.5 security bumps These are security updates, replacing the previous versions in tree Bug: https://bugs.gentoo.org/713724 Package-Manager: Portage-2.3.96, Repoman-2.3.21 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> www-apps/nextcloud/Manifest | 4 ++-- .../nextcloud/{nextcloud-17.0.4.ebuild => nextcloud-17.0.5.ebuild} | 0 .../nextcloud/{nextcloud-18.0.2.ebuild => nextcloud-18.0.3.ebuild} | 0 3 files changed, 2 insertions(+), 2 deletions(-) Tree is clean, thank you! |