[Secure-testing-commits] r32203 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Feb 12 22:24:41 UTC 2015 

Author: jmm
Date: 2015-02-12 22:24:41 +0000 (Thu, 12 Feb 2015)
New Revision: 32203

Modified:
   data/CVE/list
Log:
various older owncloud issues all fixed in jessie


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-02-12 21:10:14 UTC (rev 32202)
+++ data/CVE/list	2015-02-12 22:24:41 UTC (rev 32203)
@@ -5182,15 +5182,15 @@
 	- owncloud 7.0.3+dfsg-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-024
 CVE-2014-9047 (Multiple unspecified vulnerabilities in the preview system in ownCloud ...)
-	- owncloud <unfixed>
-	TODO: check
+	- owncloud 7.0.3+dfsg-1
+        NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-026 
 CVE-2014-9046 (The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, ...)
 	- owncloud 7.0.3+dfsg-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-023
 CVE-2014-9045 (The FTP backend in user_external in ownCloud Server before 5.0.18 and ...)
-	- owncloud <unfixed>
-	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-022
-	TODO: check
+	- owncloud 7~20140504+dfsg-1
+        NOTE: Only affects 5.x and 6.x, so marking first 7 release as fixed
+        NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-022
 CVE-2014-9044 (Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the ...)
 	- owncloud 7.0.3+dfsg-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-021
@@ -5198,12 +5198,11 @@
 	- owncloud 7.0.3+dfsg-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-020
 CVE-2014-9042 (Cross-site scripting (XSS) vulnerability in the import functionality ...)
-	- owncloud <unfixed>
-	TODO: check
+	- owncloud 7.0.3+dfsg-1
+	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-028
 CVE-2014-9041 (The import functionality in the bookmarks application in ownCloud ...)
-	- owncloud <unfixed>
+	- owncloud 7.0.3+dfsg-1
 	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-019
-	TODO: check
 CVE-2014-9040
 	RESERVED
 CVE-2014-9029 (Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) ...)
@@ -15039,8 +15038,9 @@
 CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...)
 	NOT-FOR-US: Aruba Networks ClearPass
 CVE-2014-5341 (The SFTP external storage driver (files_external) in ownCloud Server ...)
-	- owncloud <unfixed>
-	TODO: check
+	- owncloud 7~20140504+dfsg-1
+        NOTE: Only affects 5.x and 6.x, so marking first 7 release as fixed
+	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-019   
 CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 ...)
 	- check-mk <unfixed> (bug #758883)
 	[wheezy] - check-mk <not-affected> (does not use pickle, vulnerable code not present)

More information about the Secure-testing-commits mailing list