[Pkg-owncloud-maintainers] Bug#1014810: owncloud-client: CVE-2021-44537
Pierre-Elliott Bécue
peb at debian.org
Sun Dec 17 22:12:48 GMT 2023
Fixed for stable
Pierre-Elliott Bécue <peb at debian.org> wrote on 03/10/2022 at 12:08:07+0100:
> Hi,
>
> On Tuesday 12 July 2022 at 12:10:27+0200, Moritz Mühlenhoff wrote:
>> Source: owncloud-client
>> X-Debbugs-CC: team at security.debian.org
>> Severity: important
>> Tags: security
>>
>> Hi,
>>
>> The following vulnerability was published for owncloud-client.
>>
>> CVE-2021-44537[0]:
>> | ownCloud owncloud/client before 2.9.2 allows Resource Injection by a
>> | server into the desktop client via a URL, leading to remote code
>> | execution.
>>
>> https://owncloud.com/security-advisories/cve-2021-44537/
>>
>> If you fix the vulnerability please also make sure to include the
>> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>>
>> For further information see:
>>
>> [0] https://security-tracker.debian.org/tracker/CVE-2021-44537
>> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44537
>>
>> Please adjust the affected versions in the BTS as needed.
>
> Sorry for not including this bug report and CVE in my 2.11.0.8354
> release, I had it in mind in July and things fell off because of summer
> holiday and then I forgot about it.
>
> That being said, the 2.11.0.8354 version is not vulnerable, which is at
> least a good thing.
>
> I added a fixed-in entry on the bug. If I can do something else to make
> sure the security tracker is happy, please do tell.
>
> Cheers!