Summary: | <www-apps/nextcloud-{23.0.8,24.0.4}: ssrf vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | voyageur, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8 | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 872554 | ||
Bug Blocks: |
Description
John Helmert III
2022-09-17 16:51:43 UTC
Stable request for 23.0.8 in bug 872554, dropped 24.0.x old versions The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0acede51fe56511fd0892b63634617e13f39d59c commit 0acede51fe56511fd0892b63634617e13f39d59c Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2022-09-23 19:22:02 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2022-09-23 19:23:37 +0000 www-apps/nextcloud: drop 24.0.3, 24.0.4 Bug: https://bugs.gentoo.org/870880 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> www-apps/nextcloud/Manifest | 2 -- www-apps/nextcloud/nextcloud-24.0.3.ebuild | 43 ------------------------------ www-apps/nextcloud/nextcloud-24.0.4.ebuild | 43 ------------------------------ 3 files changed, 88 deletions(-) Missed cleaning up 23.0.7, I think? Looks like upstream says this is low impact, so we'll noglsa since it doesn't seem very exploitable on its own. Doing cleanup indeed, nice to see stabilization went fast (ALLARCHES++) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41cd8c1b766690f6af80c80798dd602d91b350b2 commit 41cd8c1b766690f6af80c80798dd602d91b350b2 Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2022-09-24 21:56:57 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2022-09-24 21:56:57 +0000 www-apps/nextcloud: drop 23.0.7 Bug: https://bugs.gentoo.org/870880 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> www-apps/nextcloud/Manifest | 1 - www-apps/nextcloud/nextcloud-23.0.7.ebuild | 43 ------------------------------ 2 files changed, 44 deletions(-) Thank you! |