Summary: | <www-apps/nextcloud-{22.2.7,23.0.4}: DoS via very long app passwords | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | polynomial-c, voyageur, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7cwm-qph5-4h5w | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 849683 | ||
Bug Blocks: |
Description
John Helmert III
2022-05-31 23:28:29 UTC
For 22.2, we only have 22.2.7 so good For 23, we should indeed stabilize newer version, I would go for 23.0.5 to get more fixes in The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50f9c464d6b431aafc38e8ad8689b7c648806f3e commit 50f9c464d6b431aafc38e8ad8689b7c648806f3e Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2022-06-05 19:21:20 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2022-06-05 19:23:06 +0000 www-apps/nextcloud: drop 22.2.7, 23.0.3, 23.0.4 Bug: https://bugs.gentoo.org/848873 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> www-apps/nextcloud/Manifest | 3 --- www-apps/nextcloud/nextcloud-22.2.7.ebuild | 43 ------------------------------ www-apps/nextcloud/nextcloud-23.0.3.ebuild | 43 ------------------------------ www-apps/nextcloud/nextcloud-23.0.4.ebuild | 43 ------------------------------ 4 files changed, 132 deletions(-) Thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=b56f993e2e4fa0778f67ba7d3b8fbb350d4c7386 commit b56f993e2e4fa0778f67ba7d3b8fbb350d4c7386 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 22:31:11 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 22:33:19 +0000 [ GLSA 202208-17 ] Nextcloud: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/797253 Bug: https://bugs.gentoo.org/802096 Bug: https://bugs.gentoo.org/812443 Bug: https://bugs.gentoo.org/820368 Bug: https://bugs.gentoo.org/834803 Bug: https://bugs.gentoo.org/835073 Bug: https://bugs.gentoo.org/848873 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-17.xml | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) GLSA released, all done! |