openSUSE Leap 42.3: 2018:2521-1 Moderate Nextcloud XSS Fix

This update for nextcloud to version 13.0.5 fixes the following issues:

Security issues fixed:

- CVE-2018-3780: Fixed a missing sanitization of search results for an

autocomplete field that could lead to a stored XSS requiring

user-interaction. The missing sanitization only affected user names,

hence malicious search results could only be crafted by authenticated

users. (boo#1105598)

Other bugs fixed:

- Fix highlighting of the upload drop zone

- Apply ldapUserFilter on members of group

- Make the DELETION of groups match greedy on the groupID

- Add parent index to share table

- Log full exception in cron instead of only the message

- Properly lock the target file on dav upload when not using part files

- LDAP backup server should not be queried when auth fails

- Fix filenames in sharing integration tests

- Lower log level for quota manipulation cases

- Let user set avatar in nextcloud if LDAP provides invalid image...