Hello community, here is the log from the commit of package patchinfo.12562 for openSUSE:Leap:15.1:Update checked in at 2020-05-22 18:15:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.1:Update/patchinfo.12562 (Old) and /work/SRC/openSUSE:Leap:15.1:Update/.patchinfo.12562.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patchinfo.12562" Fri May 22 18:15:02 2020 rev:1 rq:805565 version:unknown Changes: -------- New Changes file: NO CHANGES FILE!!! New: ---- _patchinfo ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ _patchinfo ++++++ <patchinfo incident="12562"> <issue tracker="cve" id="2020-8155"/> <issue tracker="cve" id="2020-8154"/> <issue tracker="bnc" id="1171572">VUL-1: CVE-2020-8155: Cross-site scripting vulnerability when opening a malicious PDF</issue> <issue tracker="bnc" id="1171579">VUL-0: CVE-2020-8154: nextcloud: remote wipe of devices of other users via a malicious request directly to the endpoint</issue> <packager>ecsos</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for nextcloud</summary> <description>This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018 boo#1171579). - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices of other users (NC-SA-2020-019 boo#1171572). </description> </patchinfo>
