Summary: | <net-misc/nextcloud-client-3.3.4: lacking SSL certificate validation (CVE-2021-32728) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | voyageur |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2021-08-21 02:19:30 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa2fce3ee3c2f60b38c962da8d4d1260039a1206 commit fa2fce3ee3c2f60b38c962da8d4d1260039a1206 Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2022-02-14 08:54:24 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2022-02-14 08:54:32 +0000 net-misc/nextcloud-client: drop vulnerable version Bug: https://bugs.gentoo.org/809311 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> net-misc/nextcloud-client/Manifest | 1 - .../nextcloud-client/nextcloud-client-3.1.3.ebuild | 89 ---------------------- 2 files changed, 90 deletions(-) Sorry this bug had slipped under my radar, I just found it checking open bugs for nextcloud-client. The good thing is since bug opening, 3.3.6 was stabled so vulnerable version is now dropped Thanks! Minimal impact/complex to exploit so no GLSA. All done! |