[Pkg-owncloud-maintainers] Bug#1014810: owncloud-client: CVE-2021-44537
Pierre-Elliott Bécue
peb at debian.org
Mon Oct 3 12:08:07 BST 2022
Hi,
On Tuesday 12 July 2022 at 12:10:27+0200, Moritz Mühlenhoff wrote:
> Source: owncloud-client
> X-Debbugs-CC: team at security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for owncloud-client.
>
> CVE-2021-44537[0]:
> | ownCloud owncloud/client before 2.9.2 allows Resource Injection by a
> | server into the desktop client via a URL, leading to remote code
> | execution.
>
> https://owncloud.com/security-advisories/cve-2021-44537/
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2021-44537
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44537
>
> Please adjust the affected versions in the BTS as needed.
Sorry for not including this bug report and CVE in my 2.11.0.8354
release, I had it in mind in July and things fell off because of summer
holiday and then I forgot about it.
That being said, the 2.11.0.8354 version is not vulnerable which is at
least a good thing.
I added a fixed-in entry on the bug, if I can do something else to make
sure the security tracker is happy, please do tell.
Cheers!
--
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for principles than to live up to them.