Bug 31762 - nextcloud new security issues CVE-2022-35931, CVE-2022-39346, CVE-2023-25579
Summary: nextcloud new security issues CVE-2022-35931, CVE-2022-39346, CVE-2023-25579
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Nicolas Lécureuil
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-05 02:44 CEST by David Walser
Modified: 2024-01-08 09:27 CET (History)
2 users (show)

See Also:
Source RPM: nextcloud-24.0.5-3.mga9.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2023-04-05 02:44:50 CEST 
openSUSE has issued an advisory on April 3:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/M7E2FX5KGET4IYNWVYBLR7XYJMJ7SJD4/

The issues have been fixed at least as of 24.0.8.

Also, this package should be dropped before Cauldron is branched for Mageia 9.
Comment 1 Morgan Leijström 2023-04-05 10:20:19 CEST 
Assigning maintainer, CC another packager

See also long discussion on linked bug.
And https://bugs.mageia.org/show_bug.cgi?id=30163#c26

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=28511
CC: (none) => chb0, fri
Assignee: bugsquad => mageia

Comment 2 Morgan Leijström 2024-01-08 09:27:29 CET 
In practise we are not shipping Nextcloud server packages.
Did not really get it into mga8, which is now EOL.
Do not exist in mga9.

We have some aged info at https://wiki.mageia.org/en/Nextcloud, which links to our page on installing Nextcloud manually from upstream.

Resolution: (none) => OLD
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.