Bug#989846: CVE-2021-22895

2021-09-12 Thread Sandro Knauß
Hey, > > > What about Buster? Is 2.5 also affected? > > > > yes 2.5 is also affected. At least the source files look the same. > > Ack, can you also prepare an update for buster-security, please? I have here a proposed debdiff. I added a third patch, so users have the possiblility to accept inv

Bug#989846: CVE-2021-22895

2021-09-13 Thread Salvatore Bonaccorso
Hi Sandro, On Sun, Sep 12, 2021 at 06:33:57PM +0200, Sandro Knauß wrote: > Hey, > > > > What about Buster? Is 2.5 also affected? > > > > > > yes 2.5 is also affected. At least the source files look the same. > > > > Ack, can you also prepare an update for buster-security, please? > > I have her

Bug#989846: CVE-2021-22895

2021-06-14 Thread Moritz Muehlenhoff
Package: nextcloud-desktop Severity: important Tags: security X-Debbugs-Cc: Debian Security Team See https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 Patch: https://github.com/nextcloud/desktop/commit/b1ddd0e491b2af0ed040e658d8bcde2a7a61c9fc Can you plea

Bug#989846: CVE-2021-22895

2021-08-22 Thread Sandro Knauß
Hey, finally, I managed to prepare a patched version of nextcloud-desktop. I fixed both open isses for nextcloud-desktop for bullseye. See my attached debdiff. * CVE-2021-22895 * CVE-2021-32728 Did I managed all field correctly (codename and urgency)? sid with be fixed with a new upload the n

Bug#989846: CVE-2021-22895

2021-08-22 Thread Moritz Mühlenhoff
Am Sun, Aug 22, 2021 at 08:47:45PM +0200 schrieb Sandro Knauß: > Hey, > > finally, I managed to prepare a patched version of nextcloud-desktop. > > I fixed both open isses for nextcloud-desktop for bullseye. See my attached > debdiff. > > * CVE-2021-22895 > * CVE-2021-32728 > > Did I managed a

Bug#989846: CVE-2021-22895

2021-08-22 Thread Sandro Knauß
Hey, > Looks good! Please build with -sa (since nextcloud-desktop is new in > bullseye-security and ftp.d.o and security.d.o don't share tarballs). done. > What about Buster? Is 2.5 also affected? yes 2.5 is also affected. At least the source files look the same. hefee signature.asc Descrip

Bug#989846: CVE-2021-22895

2021-08-23 Thread Moritz Mühlenhoff
Am Sun, Aug 22, 2021 at 09:34:58PM +0200 schrieb Sandro Knauß: > Hey, > > > Looks good! Please build with -sa (since nextcloud-desktop is new in > > bullseye-security and ftp.d.o and security.d.o don't share tarballs). > > done. > > > What about Buster? Is 2.5 also affected? > > yes 2.5 is also