Your message dated Wed, 04 Dec 2024 19:21:07 +0000
with message-id <e1tiuvr-00bqyt...@fasolo.debian.org>
and subject line Bug#1087885: fixed in nextcloud-desktop 3.15.0-1
has caused the Debian Bug report #1087885,
regarding nextcloud-desktop: CVE-2024-52510
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1087885: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1087885
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nextcloud-desktop
Version: 3.13.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 3.0.1-1
Hi,
The following vulnerability was published for nextcloud-desktop.
CVE-2024-52510[0]:
| The Nextcloud Desktop Client is a tool to synchronize files from
| Nextcloud Server with your computer. The Desktop client did not stop
| with an error but allowed by-passing the signature validation, if a
| manipulated server sends an empty initial signature. It is
| recommended that the Nextcloud Desktop client is upgraded to 3.14.2
| or later.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-52510
https://www.cve.org/CVERecord?id=CVE-2024-52510
[1]
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nextcloud-desktop
Source-Version: 3.15.0-1
Done: Sandro Knauß <he...@debian.org>
We believe that the bug you reported is fixed in the latest version of
nextcloud-desktop, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1087...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sandro Knauß <he...@debian.org> (supplier of updated nextcloud-desktop package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 04 Dec 2024 19:52:37 +0100
Source: nextcloud-desktop
Architecture: source
Version: 3.15.0-1
Distribution: unstable
Urgency: medium
Maintainer: ownCloud for Debian maintainers
<pkg-owncloud-maintain...@lists.alioth.debian.org>
Changed-By: Sandro Knauß <he...@debian.org>
Closes: 1082041 1087885
Changes:
nextcloud-desktop (3.15.0-1) unstable; urgency=medium
.
* New upstream release 3.15.0 fix CVE-2024-52510 (Closes: #1087885).
* Use dh_qmldeps to detect QML dependencies.
* Release to unstable.
.
nextcloud-desktop (3.14.1-1) experimental; urgency=medium
.
* New upstream release 3.14.1 fix CVE-2024-46958 (Closes: #1082041)
* Update build-deps and deps with the info from cmake.
* Update patch hunks.
* Switch build to Qt6.
* Build dolphin 6 plugin.
* Use pkgkde-getqmldepends to detect qml depends.
* Add qml depdendecies to Build-Depdends.
* Add Multi-Arch: foreign to Arch:all packages.
* Update lintian-overrides.
Checksums-Sha1:
cddfb0905a0aae9c6d3c404760242ffaa386efe4 3635 nextcloud-desktop_3.15.0-1.dsc
8b714d5190db3ddf5b932f41dcc8931704aa95f4 15651469
nextcloud-desktop_3.15.0.orig.tar.gz
8a6d73748d0643c5a23cc787db5e696d7f20f1a3 15260
nextcloud-desktop_3.15.0-1.debian.tar.xz
Checksums-Sha256:
0c917845bf53bc4062283dafdb5c6b5947aa73f26b1b17a76e657c97c13e0c32 3635
nextcloud-desktop_3.15.0-1.dsc
d35774580a16d0fdf6b4160fbe71c50ec871e84b610342152c78c6ea22c5e1de 15651469
nextcloud-desktop_3.15.0.orig.tar.gz
f4b2dc343b11d5fb44623503e6d5aec8486bdcbd00e97fbc321ddec80ceff140 15260
nextcloud-desktop_3.15.0-1.debian.tar.xz
Files:
eab1bf56431da24c61d6b82ef5ef9f38 3635 net optional
nextcloud-desktop_3.15.0-1.dsc
713ef1e3cca202b66b7691b9dbc30e00 15651469 net optional
nextcloud-desktop_3.15.0.orig.tar.gz
e86b10cdda27a5b869694fc4edfba95d 15260 net optional
nextcloud-desktop_3.15.0-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEOewRoCAWtykmSRoG462wCFBgVjYFAmdQpesRHGhlZmVlQGRl
Ymlhbi5vcmcACgkQ462wCFBgVjYbSw//VZKvupPhX3ljQ/dJc4OfXq9MVEJxPakP
4gsA7uBgb6vp+ES8Jq358RfX1SwJDNJsNBc3JFKYQ2Ri6a4ym2Q06Tm9JNL63mk6
EHArY2Bl/Oq9PdHze9qnASyRwFnYSw+dvwfGCUIo4seA5GsDfXWkp8F5x3Bbz8n0
7qieDcilBnmZnYVEcyjbUwEejmFdjaxrsi0fpySo1aBs5xrjBMT9g/07Ve5pMRqy
eDQWaZZYCV3Nq+olAPuJZ+PBb+9EkJpMqnLJy2N+vtzLsMrNNNtQ4WorqR9dGCyB
iI/24LJOfTSJUiV6GBXsEQlPQJoTwc8RZj3/r2MDlEmUUzVl0BCqIpKZA99ZY4qx
NBVRUWMFwvQ++c3HIyb/BHLcAPoFgFpPhLM+zqMX3wD9kn++aN/Lguzpg4B4pnQg
+eMUXfebwzw04aG0PN4Xz5zrP4G3+ErNdla81s0GA5NNBPGCxdnDTNkt9c8WCu1G
aSrdr3/gx4eSUjYGJUiJEoB9OuKuCw9JJ1dJME3W6FLMjnwUzOC6v3KTAX68fAPP
z10Lx9An0NkVcnB9Ea/KOZhuswd0esP/UaXmRjUw4qbjCIrdYNyW5QtVSR2ku8rT
c/EzrXFjJVR8XB/OpqM2lz86YmpIKIhOOlWDBULq/o4LVoSRAbuHqYjeX6fJGf1a
t82PhKeKf5c=
=l5Y2
-----END PGP SIGNATURE-----
pgp9Dkaexav8Z.pgp
Description: PGP signature
--- End Message ---
