- Update to 0.6.2:

_This is a vulnerability fix release._
  Fixes a XSS issue in which the remote VNC server could inject
  arbitrary HTML into the noVNC web page via the messages propagated
  to the status field, such as the VNC server name.
  This affects users of vnc_auto.html and vnc.html, as well as any
  users of include/ui.js.

OBS-URL: https://build.opensuse.org/package/show/Cloud:OpenStack:Factory/novnc?expand=0&rev=17

noVNC-0.5.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:095c1ce62fb9fd673123d0ba124a630757b6c11ab2f57847e44a2f35ef50a18c
-size 776887

noVNC-0.6.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:70a27fe472b901faef7235a61e01aed884ec8c2234a666844acfd9da7e5bcf9b
+size 600675

novnc.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Sat Jul 22 08:11:49 UTC 2017 - dmueller@suse.com
+
+- Update to 0.6.2:
+  _This is a vulnerability fix release._
+
+  Fixes a XSS issue in which the remote VNC server could inject
+  arbitrary HTML into the noVNC web page via the messages propagated
+  to the status field, such as the VNC server name.
+
+  This affects users of vnc_auto.html and vnc.html, as well as any
+  users of include/ui.js.
+
 -------------------------------------------------------------------
 Mon Dec  7 16:42:51 UTC 2015 - dvaleev@suse.com
 

novnc.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package novnc
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           novnc
-Version:        0.5.1
+Version:        0.6.2
 Release:        0
 Summary:        VNC client using HTML5 (Web Sockets, Canvas) with encryption support
 License:        MPL-2.0 and LGPL-3.0