A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
Maintainer, please stabilize 2.6.5 when ready.
2.6.5 was added on July 11 and no bug report, so it looks to go stable
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
Removing CVE-2020-8229 -- Windows only.
New GLSA request filed.
This issue was resolved and addressed in
GLSA 202009-09 at https://security.gentoo.org/glsa/202009-09
by GLSA coordinator Thomas Deutschmann (whissi).