Your message dated Sun, 06 Oct 2024 10:21:53 +0000
with message-id <[email protected]>
and subject line Bug#1082041: fixed in nextcloud-desktop 3.14.1-1
has caused the Debian Bug report #1082041,
regarding nextcloud-desktop: CVE-2024-46958
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1082041: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082041
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nextcloud-desktop
Version: 3.13.2-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for nextcloud-desktop.
CVE-2024-46958[0]:
| In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux,
| synchronized files (between the server and client) may become world
| writable or world readable. This is fixed in 3.13.4.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-46958
https://www.cve.org/CVERecord?id=CVE-2024-46958
[1] https://github.com/nextcloud/desktop/issues/6863
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nextcloud-desktop
Source-Version: 3.14.1-1
Done: Sandro Knauß <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nextcloud-desktop, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sandro Knauß <[email protected]> (supplier of updated nextcloud-desktop package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 06 Oct 2024 12:03:23 +0200
Source: nextcloud-desktop
Architecture: source
Version: 3.14.1-1
Distribution: experimental
Urgency: medium
Maintainer: ownCloud for Debian maintainers
<[email protected]>
Changed-By: Sandro Knauß <[email protected]>
Closes: 1082041
Changes:
nextcloud-desktop (3.14.1-1) experimental; urgency=medium
.
* New upstream release 3.14.1 fix CVE-2024-46958 (Closes: #1082041)
* Update build-deps and deps with the info from cmake.
* Update patch hunks.
* Switch build to Qt6.
* Build dolphin 6 plugin.
* Use pkgkde-getqmldepends to detect qml depends.
* Add qml depdendecies to Build-Depdends.
* Add Multi-Arch: foreign to Arch:all packages.
* Update lintian-overrides.
Checksums-Sha1:
1a87fac6ee3be8c24a180f5fb41217ea3fc4e3b1 3826 nextcloud-desktop_3.14.1-1.dsc
fb4d50700f4d144a954336705b270bb1e09049c6 13956052
nextcloud-desktop_3.14.1.orig.tar.gz
ccacfd1fb63bad8341ae5c774a9ff8d8384bcb61 15212
nextcloud-desktop_3.14.1-1.debian.tar.xz
Checksums-Sha256:
5842f8f8824be17473a20499a02d29ef5c54838e8b8d80ef540227927a556721 3826
nextcloud-desktop_3.14.1-1.dsc
83ddff511684c7b56a0a428c1a50630042a4c64d7b382d13b083509051cac8b9 13956052
nextcloud-desktop_3.14.1.orig.tar.gz
d473790d5382ce4a45c73a7415ecce2126cf2266a631bda6e7f063699cb073b9 15212
nextcloud-desktop_3.14.1-1.debian.tar.xz
Files:
8edefab261f2f7545e7bdd3772dc1d29 3826 net optional
nextcloud-desktop_3.14.1-1.dsc
8f3a5a41516c51384c558cc855e0e4c3 13956052 net optional
nextcloud-desktop_3.14.1.orig.tar.gz
0c3508c59c96f99de211090a5377680a 15212 net optional
nextcloud-desktop_3.14.1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEOewRoCAWtykmSRoG462wCFBgVjYFAmcCYZgRHGhlZmVlQGRl
Ymlhbi5vcmcACgkQ462wCFBgVjZe3g/8DBvkE/wM8JC1vdJ6j4ilApFkE2AbjMt6
vKSwBDWJq1A2/B+ymFUJDV1yL7cq2BDj2baI0y2yjIsq+vKLQoI9GU4/cLSoS1cn
VF1RoTPwbQW7XMFI+1oCFJdyfPgH37mDh1KBK8UE3zBW1vHp+OKCneS/AVsLmAk1
FdmE882F9ulmNRnStqZ3oFjyP18Fd06QGFaEqiabfwXHfDSN6fxY64EPFtmVAMTJ
lmcObXooXIXpzDKnltQVAcYVcZGGeCCZwMLEkE7+wtze3M03flFVBkzyQVPNJq5t
LZ6sFqbs7ghBpu6GVoeVnIlU7McPEU/oiN5/9tX1pJwBl9Ha21XFgyNdO1kHjxtE
I1PbukJ6sCOcuMOM4eWPolEZjglsyMfGcsPxblg+6TgWCHO9VBI3RbsyxtLVqWWS
+p2OYk+plexDHiMDpripgp001Fe3p8cYnkfOE0a6tyReie/9Lh3NEW3KkPHJfx8l
Ueighy+SRFXB5nKOtOBWI+wN3JGS//qt9g03ENq6SXpo3zhSZ364iXSe6ubmGZZT
BO50iR2pgI4JwVFICEjheHAKo1kpkxZXeCIXC4jY8azgqK0yQRPxw6pGDOsSntmo
Olxq1amToANnZ75V7cS6Xw4j0auPLMVGYkrekFKVQrf0EHOMHhs+pXGAyFpzarS/
K9qSsF0R+bM=
=SAm6
-----END PGP SIGNATURE-----
pgpfa2BslHTNM.pgp
Description: PGP signature
--- End Message ---
