FEDORA-2021-6f327296fe — security update for nextcloud

stable

nextcloud-19.0.13-1.fc33

FEDORA-2021-6f327296fe created by lcts a year ago for Fedora 33

Update to 19.0.13; Fixes one high severity and multiple low severity CVEs

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-6f327296fe

This update has been submitted for testing by lcts.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

lcts edited this update.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

lcts edited this update.

a year ago

lcts edited this update.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Builds

nextcloud-19.0.13-1.fc33

Settings

Unstable by Karma

-1

Stable by Karma

Stable by Time

7 days

Dates

submitted

a year ago

in testing

a year ago

in stable

a year ago

modified

a year ago

BZ#1981503 CVE-2021-32688 nextcloud: Improper permission check permits tokens to change their own permissions [fedora-all]

BZ#1981505 CVE-2021-32680 nextcloud: Improper audit logging for expiration date events [fedora-all]

BZ#1981817 CVE-2021-32678 nextcloud: ratelimit not applied on OCS API responses [fedora-all]

BZ#1981819 CVE-2021-32679 nextcloud: filenames not escaped by default in controllers using DownloadResponse [fedora-all]

BZ#1981821 CVE-2021-32703 nextcloud: lack of ratelimit on shareinfo endpoint [fedora-all]

BZ#1981824 CVE-2021-32705 nextcloud: lack of ratelimit on public DAV endpoint [fedora-all]

nextcloud-19.0.13-1.fc33

Automated Test Results

ignored