Please clarify CVE-2024-22403 of 18 January 2024 #42944

Closed
solracsf opened this issue Jan 18, 2024 · 5 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap security technical debt

Comments

@solracsf
Member

solracsf commented Jan 18, 2024

About GHSA-wppc-f5g8-vx36

It is stated that:

> It is recommended that the Nextcloud Server is upgraded to 28.0.0
> It is recommended that the Nextcloud Enterprise Server is upgraded to 28.0.0

Does this mean that (supported) server versions 26 and 27 will remain unpatched?
(or, in other words, no backport of #40766 to server supported versions)?

Thanks.

@solracsf solracsf added 0. Needs triage Pending check for reproducibility or if it fits our roadmap security technical debt labels Jan 18, 2024
@nickvergessen
Member

That is correct.


PS: For the next time (due to notification settings of the security team) please consider the note in the SA:

If you have any questions or comments about this advisory:

@nickvergessen nickvergessen closed this as not planned Jan 18, 2024
@solracsf
Member Author

solracsf commented Jan 22, 2024

This has been backported, for the record: #43020

@bcutter

bcutter commented Jan 28, 2024

> This has been backported, for the record: #43020

Might this be the reason for this insane #43157?

@nickvergessen
Member

nickvergessen commented Jan 28, 2024

No, especially because someone has the same issue from 28.0.2rc1 to 28.0.2rc4, because 28 got its fix in 28.0.0 already.

@bcutter

This comment was marked as off-topic.
