Hello community, here is the log from the commit of package novnc for openSUSE:Factory checked in at 2017-08-04 11:59:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/novnc (Old) and /work/SRC/openSUSE:Factory/.novnc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "novnc" Fri Aug 4 11:59:50 2017 rev:7 rq:512022 version:0.6.2 Changes: -------- --- /work/SRC/openSUSE:Factory/novnc/novnc.changes 2015-12-21 12:04:41.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.novnc.new/novnc.changes 2017-08-04 11:59:52.759399453 +0200 @@ -1,0 +2,13 @@ +Sat Jul 22 08:11:49 UTC 2017 - dmueller@suse.com + +- Update to 0.6.2: + _This is a vulnerability fix release._ + + Fixes a XSS issue in which the remote VNC server could inject + arbitrary HTML into the noVNC web page via the messages propagated + to the status field, such as the VNC server name. + + This affects users of vnc_auto.html and vnc.html, as well as any + users of include/ui.js. + +------------------------------------------------------------------- Old: ---- noVNC-0.5.1.tar.gz New: ---- noVNC-0.6.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ novnc.spec ++++++ --- /var/tmp/diff_new_pack.zEj6WL/_old 2017-08-04 11:59:53.411307438 +0200 +++ /var/tmp/diff_new_pack.zEj6WL/_new 2017-08-04 11:59:53.415306874 +0200 @@ -1,7 +1,7 @@ # # spec file for package novnc # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: novnc -Version: 0.5.1 +Version: 0.6.2 Release: 0 Summary: VNC client using HTML5 (Web Sockets, Canvas) with encryption support License: MPL-2.0 and LGPL-3.0 ++++++ noVNC-0.5.1.tar.gz -> noVNC-0.6.2.tar.gz ++++++ ++++ 12575 lines of diff (skipped)