openSUSE-SU-2023:0171-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0171-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2023:0171-1
Published
2023-07-10T11:03:58Z
Modified
2023-07-10T11:03:58Z
Summary
Security update for nextcloud-desktop
Details

This update for nextcloud-desktop fixes the following issues:

Update to 3.8.0

  • Resize WebView widget once the loginpage rendered
  • Feature/secure file drop
  • Check German translation for wrong wording
  • L10n: Correct word
  • Fix displaying of file details button for local syncfileitem activities
  • Improve config upgrade warning dialog
  • Only accept folder setup page if overrideLocalDir is set
  • Update CHANGELOG.
  • Prevent ShareModel crash from accessing bad pointers
  • Bugfix/init value for pointers
  • Log to stdout when built in Debug config
  • Clean up account creation and deletion code
  • L10n: Added dot to end of sentence
  • L10n: Fixed grammar
  • Fix 'Create new folder' menu entries in settings not working correctly on macOS
  • Ci/clang tidy checks init variables
  • Fix share dialog infinite loading
  • Fix edit locally job not finding the user account: wrong user id
  • Skip e2e encrypted files with empty filename in metadata
  • Use new connect syntax
  • Fix avatars not showing up in settings dialog account actions until clicked on
  • Always discover blacklisted folders to avoid data loss when modifying selectivesync list.
  • Fix infinite loading in the share dialog when public link shares are disabled on the server
  • With cfapi when dehydrating files add missing flag
  • Fix text labels in Sync Status component
  • Display 'Search globally' as the last sharees list element
  • Fix display of 2FA notification.
  • Bugfix/do not restore virtual files
  • Show server name in tray main window
  • Add Ubuntu Lunar
  • Debian build classification 'beta' cannot override 'release'.
  • Update changelog
  • Follow shouldNotify flag to hide notifications when needed
  • Bugfix/stop after creating config file
  • E2EE cut extra zeroes from decrypted byte array.
  • When local sync folder is overridden, respect this choice
  • Feature/e2ee fixes

This update also fixes security issues:

  • (boo#1205798, CVE-2022-39331)
    • Arbitrary HyperText Markup Language injection in notifications
  • (boo#1205799, CVE-2022-39332)
    • Arbitrary HyperText Markup Language injection in user status and information
  • (boo#1205800, CVE-2022-39333)
    • Arbitrary HyperText Markup Language injection in desktop client application
  • (boo#1205801, CVE-2022-39334)
    • Client incorrectly trusts invalid TLS certificates
  • (boo#1207976, CVE-2023-23942)
    • Missing sanitisation on QML labels leading to JavaScript injection

Affected packages

SUSE:Package Hub 15 SP5 / nextcloud-desktop

Package

Name
nextcloud-desktop
Purl
pkg:rpm/suse/nextcloud-desktop&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.8.0-bp155.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "caja-extension-nextcloud": "3.8.0-bp155.2.3.1",
            "nextcloud-desktop": "3.8.0-bp155.2.3.1",
            "nemo-extension-nextcloud": "3.8.0-bp155.2.3.1",
            "libnextcloudsync0": "3.8.0-bp155.2.3.1",
            "libnextcloudsync-devel": "3.8.0-bp155.2.3.1",
            "nextcloud-desktop-dolphin": "3.8.0-bp155.2.3.1",
            "nextcloud-desktop-lang": "3.8.0-bp155.2.3.1",
            "nautilus-extension-nextcloud": "3.8.0-bp155.2.3.1",
            "cloudproviders-extension-nextcloud": "3.8.0-bp155.2.3.1",
            "nextcloud-desktop-doc": "3.8.0-bp155.2.3.1"
        }
    ]
}

openSUSE:Leap 15.5 / nextcloud-desktop

Package

Name
nextcloud-desktop
Purl
pkg:rpm/opensuse/nextcloud-desktop&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.8.0-bp155.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "caja-extension-nextcloud": "3.8.0-bp155.2.3.1",
            "nextcloud-desktop": "3.8.0-bp155.2.3.1",
            "nemo-extension-nextcloud": "3.8.0-bp155.2.3.1",
            "libnextcloudsync0": "3.8.0-bp155.2.3.1",
            "libnextcloudsync-devel": "3.8.0-bp155.2.3.1",
            "nextcloud-desktop-dolphin": "3.8.0-bp155.2.3.1",
            "nextcloud-desktop-lang": "3.8.0-bp155.2.3.1",
            "nautilus-extension-nextcloud": "3.8.0-bp155.2.3.1",
            "cloudproviders-extension-nextcloud": "3.8.0-bp155.2.3.1",
            "nextcloud-desktop-doc": "3.8.0-bp155.2.3.1"
        }
    ]
}