Update Info

openSUSE-2023-171


Security update for nextcloud-desktop


Type: security
Severity: important
Issued: 2023-07-10
Description:
This update for nextcloud-desktop fixes the following issues:

Update ot 3.8.0

  - Resize WebView widget once the loginpage rendered
  - Feature/secure file drop
  - Check German translation for wrong wording
  - L10n: Correct word
  - Fix displaying of file details button for local syncfileitem activities
  - Improve config upgrade warning dialog
  - Only accept folder setup page if overrideLocalDir is set
  - Update CHANGELOG.
  - Prevent ShareModel crash from accessing bad pointers
  - Bugfix/init value for pointers
  - Log to stdout when built in Debug config
  - Clean up account creation and deletion code
  - L10n: Added dot to end of sentence
  - L10n: Fixed grammar
  - Fix "Create new folder" menu entries in settings not working correctly on macOS
  - Ci/clang tidy checks init variables
  - Fix share dialog infinite loading
  - Fix edit locally job not finding the user account: wrong user id
  - Skip e2e encrypted files with empty filename in metadata
  - Use new connect syntax
  - Fix avatars not showing up in settings dialog account actions until clicked on
  - Always discover blacklisted folders to avoid data loss when modifying selectivesync list.
  - Fix infinite loading in the share dialog when public link shares are disabled on the server
  - With cfapi when dehydrating files add missing flag
  - Fix text labels in Sync Status component
  - Display 'Search globally' as the last sharees list element
  - Fix display of 2FA notification.
  - Bugfix/do not restore virtual files
  - Show server name in tray main window
  - Add Ubuntu Lunar
  - Debian build classification 'beta' cannot override 'release'.
  - Update changelog
  - Follow shouldNotify flag to hide notifications when needed
  - Bugfix/stop after creating config file
  - E2EE cut extra zeroes from derypted byte array.
  - When local sync folder is overriden, respect this choice
  - Feature/e2ee fixes

- This update also fixes security issues:

  - (boo#1205798, CVE-2022-39331)
    - Arbitrary HyperText Markup Language injection in notifications 
  - (boo#1205799, CVE-2022-39332)
    - Arbitrary HyperText Markup Language injection in user status and information 
  - (boo#1205800, CVE-2022-39333)
    - Arbitrary HyperText Markup Language injection in desktop client application 
  - (boo#1205801, CVE-2022-39334)
    - Client incorrectly trusts invalid TLS certificates 
  - (boo#1207976, CVE-2023-23942)
    - missing sanitisation on qml labels leading to javascript injection 


              

Packages


  • nextcloud-desktop-3.8.0-bp155.2.3.1