[Pkg-owncloud-maintainers] Bug#696574: owncloud: multiple security issues

Salvatore Bonaccorso carnil at debian.org
Sun Dec 23 01:21:30 UTC 2012


Source: owncloud
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following vulnerabilities were published for owncloud.

CVE-2012-5665[0]:
Auth bypass in user_webdavauth and user_ldap

CVE-2012-5666[1]:
XSS vulnerability in bookmarks

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5665
    http://security-tracker.debian.org/tracker/CVE-2012-5665
    http://owncloud.org/security/advisories/oc-sa-2012-006/
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5666
    http://security-tracker.debian.org/tracker/CVE-2012-5666
    http://owncloud.org/security/advisories/oc-sa-2012-007/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash



