Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="11971">
  <issue tracker="bnc" id="1162782">VUL-1: CVE-2020-8118: nextcloud: An authenticated server-side request forgery allowed to detect local and remote services when adding a new subscription in the calendar application</issue>
  <issue tracker="bnc" id="1162766">VUL-1: CVE-2019-15613: nextcloud: workflow rules to depend their behaviour on the file extension when checking file mimetypes</issue>
  <issue tracker="bnc" id="1162781">VUL-1: CVE-2020-8119: nextcloud: Improper authorization causes leaking of previews and files when a file-drop share link is opened via the gallery app</issue>
  <issue tracker="bnc" id="1162775">VUL-1: CVE-2019-15623: nextcloud: Exposure of Private Information causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled</issue>
  <issue tracker="bnc" id="1162776">VUL-1: CVE-2019-15624: nextcloud: Improper Input Validation allows group admins to create users with IDs of system folders</issue>
  <issue tracker="bnc" id="1162784">VUL-1: CVE-2019-15621: nextcloud: Improper permissions preservation causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link</issue>
  <issue tracker="cve" id="2019-15613"/>
  <issue tracker="cve" id="2019-15623"/>
  <issue tracker="cve" id="2020-8118"/>
  <issue tracker="cve" id="2019-15621"/>
  <issue tracker="cve" id="2020-8119"/>
  <issue tracker="cve" id="2019-15624"/>
  <packager>ecsos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for nextcloud</summary>
  <description>This update for nextcloud fixes the following issues:

Nextcloud was updated to 15.0.14:

- NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes  (boo#1162766)
- NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled (boo#1162775)
- NC-SA-2019-015, CVE-2019-15624: Improper Input Validation allowed group admins to create users with IDs of system folders (boo#1162776)
- NC-SA-2019-012, CVE-2020-8119: Improper authorization caused leaking of previews and files when a file-drop share link is opened via the gallery app (boo#1162781)
- NC-SA-2019-014, CVE-2020-8118: An authenticated server-side request forgery allowed to detect local and remote services when adding a new subscription in the calendar application (boo#1162782)
- NC-SA-2020-012, CVE-2019-15621: Improper permissions preservation causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link (boo#1162784)
- To many changes.
   For detail see: https://nextcloud.com/changelog/

nextcloud was updated to 13.0.12:

- Fix NC-SA-2020-001
- To many changes.
    For detail see: https://nextcloud.com/changelog/


This update was imported from the openSUSE:Leap:15.1:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places