[Pkg-owncloud-maintainers] Bug#800126: Bug#800126: owncloud: CVE-2015-6500: Information exposure through directory listing
David Prévot
david at tilapin.org
Sun Sep 27 16:37:46 UTC 2015
Hi Salvatore,
Le 27/09/2015 03:17, Salvatore Bonaccorso a écrit :
> Source: owncloud
> Version: 7.0.4+dfsg-1
> the following vulnerability was published for owncloud. Would
> appreciate if you can double check (affected function which
> checks/scans the directories is already present in 7.x, but upstream
> advisory mentions only 8.x).
Indeed, I’m able to reproduce the PoC with both the version in stable
and the one (that was) in unstable. Thank you for spotting it.
Do you want me to prepare a version for a DSA, or should I follow up
with the release team to get it fixed in the next point release?
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-owncloud-maintainers/attachments/20150927/eaf3ea71/attachment.sig>
More information about the Pkg-owncloud-maintainers
mailing list