[Git][security-tracker-team/security-tracker][master] Reserve DLA-4303-1 for nextcloud-desktop
Abhijith PA (@abhijith)
abhijith at debian.org
Thu Sep 18 03:58:38 BST 2025
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
adae494a by Abhijith PA at 2025-09-18T08:28:20+05:30
Reserve DLA-4303-1 for nextcloud-desktop
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -228477,7 +228477,6 @@ CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files from
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
- nextcloud-desktop 3.7.0-1
- [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/desktop/pull/5324
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
@@ -279200,28 +279199,24 @@ CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and maintain
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv
CVE-2022-39334 (Nextcloud also ships a CLI utility called nextcloudcmd which is someti ...)
- nextcloud-desktop 3.6.1-1
- [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
NOTE: https://github.com/nextcloud/desktop/issues/4927
NOTE: https://github.com/nextcloud/desktop/pull/5022
CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
- nextcloud-desktop 3.6.1-1
- [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
NOTE: https://github.com/nextcloud/desktop/pull/4972
NOTE: https://hackerone.com/reports/1711847
CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
- nextcloud-desktop 3.6.1-1
- [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
NOTE: https://github.com/nextcloud/desktop/pull/4972
NOTE: https://hackerone.com/reports/1668028
CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...)
- nextcloud-desktop 3.6.1-1
- [bullseye] - nextcloud-desktop <no-dsa> (Minor issue)
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
NOTE: https://github.com/nextcloud/desktop/pull/4944
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Sep 2025] DLA-4303-1 nextcloud-desktop - security update
+ {CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 CVE-2022-39334 CVE-2023-28997}
+ [bullseye] - nextcloud-desktop 3.1.1-2+deb11u2
[16 Sep 2025] DLA-4302-1 node-sha.js - security update
{CVE-2025-9288}
[bullseye] - node-sha.js 2.4.11-2+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -265,12 +265,6 @@ nagvis
netty
NOTE: 20250814: Added by Front-Desk (lamby)
--
-nextcloud-desktop (Abhijith PA)
- NOTE: 20250521: Added by Front-Desk (Beuc)
- NOTE: 20250521: Many postponed vulnerabilities to fix (Beuc/front-desk)
- NOTE: 20250818: Fixed CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 CVE-2022-39334 (abhijith)
- NOTE: 20250902: Almost upload ready (abhijith)
---
node-axios
NOTE: 20250308: Added by Front-Desk (rouca)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adae494a22a94bdd44b891a5623ffd432af483c4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adae494a22a94bdd44b891a5623ffd432af483c4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250918/349e9778/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list