[Pkg-owncloud-maintainers] Bug#989846: CVE-2021-22895
Salvatore Bonaccorso
carnil at debian.org
Mon Sep 13 20:55:40 BST 2021
Hi Sandro,
On Sun, Sep 12, 2021 at 06:33:57PM +0200, Sandro Knauß wrote:
> Hey,
> > > > What about Buster? Is 2.5 also affected?
> > >
> > > yes 2.5 is also affected. At least the source files look the same.
> >
> > Ack, can you also prepare an update for buster-security, please?
>
> I have here a proposed debdiff. I added a third patch, so users have the
> possiblility to accept invalid certs otherwise they would fail silently. At
> least for me this sounds like not a proper solution.
Deferring a reply for this one to Moritz.
> * Do I need to upload also with sources? How can I check this myself?
Whenever you do a first upload to security-master where the source
would not have been present yet, then yes the orig source needs to be
included. For nextcloud-desktop +deb10u1 was via a buster point
release, so it would be correct to build with -sa.
Note that yu want to change the target distribution to buster-security
in:
> +nextcloud-desktop (2.5.1-3+deb10u2) buster; urgency=high
Regards,
Salvatore
More information about the Pkg-owncloud-maintainers
mailing list