ASA-202107-41 log generated external raw

[ASA-202107-41] nextcloud-app-mail: information disclosure
Arch Linux Security Advisory ASA-202107-41 ========================================== Severity: Low Date : 2021-07-20 CVE-ID : CVE-2021-32707 Package : nextcloud-app-mail Type : information disclosure Remote : Yes Link : Summary ======= The package nextcloud-app-mail before version 1.10.1-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 1.10.1-1. # pacman -Syu "nextcloud-app-mail>=1.10.1-1" The problem has been fixed upstream in version 1.10.1. Workaround ========== None. Description =========== In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with `background-image` CSS attribute. Note that the images were still passed through the Nextcloud image proxy, and thus there was no IP leakage. Impact ====== A remote attacker could disclose whether an email message has been read by embedding a remote CSS background image. References ==========