[Pkg-owncloud-maintainers] Bug#693990: owncloud: multiple security issues
Ansgar Burchardt
ansgar at debian.org
Thu Nov 22 16:50:20 UTC 2012
Source: owncloud
Severity: grave
Tags: security
The new upstream release 4.0.9 / 4.5.2 fixes multiple security issues.
>From the changelog[1]:
[1] <http://owncloud.org/changelog/>
----
Version 4.0.9 Nov 14th 2012
Several critical security fixes
Multiple XSS vulnerabilities (oC-SA-2012-001)
Timing attack in the “Lost Password” implementation (oC-SA-2012-002)
Code Execution in /lib/migrate.php (oC-SA-2012-004)
Code Execution in /lib/filesystem.php (oC-SA-2012-005)
----
More details seem to be available here:
http://owncloud.org/security/advisories/oC-SA-2012-001
http://owncloud.org/security/advisories/oC-SA-2012-002
http://owncloud.org/security/advisories/oC-SA-2012-004
http://owncloud.org/security/advisories/oC-SA-2012-005
Please also update the version in wheezy if necessary.
Ansgar
More information about the Pkg-owncloud-maintainers
mailing list