Bug 31762

Summary: nextcloud new security issues CVE-2022-35931, CVE-2022-39346, CVE-2023-25579
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: chb0, fri
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
See Also: https://bugs.mageia.org/show_bug.cgi?id=28511
Whiteboard:
Source RPM: nextcloud-24.0.5-3.mga9.src.rpm CVE:
Status comment:

Description David Walser 2023-04-05 02:44:50 CEST 
openSUSE has issued an advisory on April 3:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7E2FX5KGET4IYNWVYBLR7XYJMJ7SJD4/

The issues have been fixed at least as of 24.0.8.

Also, this package should be dropped before Cauldron is branched for Mageia 9.
Comment 1 Morgan Leijström 2023-04-05 10:20:19 CEST 
Assigning maintainer, CC another packager

See also long discussion on linked bug.
And https://bugs.mageia.org/show_bug.cgi?id=30163#c26

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=28511
CC: (none) => chb0, fri
Assignee: bugsquad => mageia

Comment 2 Morgan Leijström 2024-01-08 09:27:29 CET 
In practise we are not shipping Nextcloud server packages.
Did not really get it into mga8, which is now EOL.
Do not exist in mga9.

We have some aged info at https://wiki.mageia.org/en/Nextcloud, which links to our page on installing Nextcloud manually from upstream.

Resolution: (none) => OLD
Status: NEW => RESOLVED