CVE-2020-8224 (https://nextcloud.com/security/advisory/?id=NC-SA-2020-030): A code injection in Nextcloud Desktop Client 2.6.4 allowed loading arbitrary code when placing a malicious OpenSSL config into a fixed directory. CVE-2020-8229 (https://nextcloud.com/security/advisory/?id=NC-SA-2020-034): A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. Maintainer, please stabilize 2.6.5 when ready.
2.6.5 was added on July 11 and there is no bug report, so it looks ready to go stable.
amd64 stable
CVE-2020-8189: A cross-site scripting error in Nextcloud Desktop Client 2.6.4 allowed presenting any HTML (including local links) when responding with invalid data on the login attempt. CVE-2020-8227: Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
x86 stable
Please clean up.
Removing CVE-2020-8229 -- Windows only. New GLSA request filed.
This issue was resolved and addressed in GLSA 202009-09 at https://security.gentoo.org/glsa/202009-09 by GLSA coordinator Thomas Deutschmann (whissi).