[Pkg-owncloud-maintainers] Bug#694871: owncloud: Multiple security issues
Henri Salo
henri at nerv.fi
Sat Dec 1 15:14:02 UTC 2012
Package: owncloud
Version: 4.0.8debian-1.1
Severity: important
Tags: security
Owncloud 4.5.2 and 4.0.9 has a few security fixes: http://owncloud.org/changelog/
1) Multiple XSS vulnerabilities (oC-SA-2012-001) CVE-2012-5606
2) Timing attack in the "Lost Password" implementation (oC-SA-2012-002) CVE-2012-5607
3) XSS vulnerability in user_webdavauth (oC-SA-2012-003) CVE-2012-5608
4) Code Execution in /lib/migrate.php (oC-SA-2012-004) CVE-2012-5609
5) Code Execution in /lib/filesystem.php (oC-SA-2012-005) CVE-2012-5610
CVE request: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVEs assigned: http://www.openwall.com/lists/oss-security/2012/11/30/3
- Henri Salo
More information about the Pkg-owncloud-maintainers
mailing list