Mageia 2018-0394: nextcloud security update
Summary
Nextcloud has been updated to 13.0.6 and fixes atleast the following
security issue:
A missing sanitization of search results for an autocomplete field could
lead to a stored XSS requiring user-interaction. The missing sanitization
only affected user names, hence malicious search results could only be
crafted by authenticated users (CVE-2018-3780).
References
- https://bugs.mageia.org/show_bug.cgi?id=23497
- https://nextcloud.com/changelog/#latest13
- - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3780
Resolution
MGASA-2018-0394 - Updated nextcloud packages fix security vulnerability
SRPMS
- 6/core/nextcloud-13.0.6-1.mga6