oss-sec mailing list archives
Re: CVE Request: owncloud
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 30 Nov 2012 11:12:53 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/30/2012 08:29 AM, Jamie Strandboge wrote:
Owncloud 4.5.2 and 4.0.9 has a few security fixes: http://owncloud.org/changelog/ Specifically: - Multiple XSS vulnerabilities (oC-SA-2012-001)
http://owncloud.org/security/advisories/oc-sa-2012-001/ Please use CVE-2012-5606 for this issue.
- Timing attack in the “Lost Password” implementation (oC-SA-2012-002)
http://owncloud.org/security/advisories/oc-sa-2012-002/ Please use CVE-2012-5607 for this issue.
- XSS vulnerability in user_webdavauth (oC-SA-2012-003)
http://owncloud.org/security/advisories/oc-sa-2012-003/ Please use CVE-2012-5608 for this issue.
- Code Execution in /lib/migrate.php (oC-SA-2012-004)
http://owncloud.org/security/advisories/oc-sa-2012-004/ Please use CVE-2012-5609 for this issue.
- Code Execution in /lib/filesystem.php (oC-SA-2012-005)
http://owncloud.org/security/advisories/oc-sa-2012-005/ Please use CVE-2012-5610 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQuPclAAoJEBYNRVNeJnmTlGoQAJiRk2ucXjqxrB1+lBVZq5wz CFQ0t9e+cJlGiBMwOPEgGKmsXr5Tj6wLQ4E+S0CSy8+MDpvpOIas/WJyIRPH94s2 hTuYnCCoaoA0pe0WrF/8Fv/eEqN3xZzjbStm3Iv4iAIkSNA9iDQNqR9yJUu/fDHa NFpwwjT7DAuqIYT0/jASVvQy5rcm47bGVtdE438T9+OJoi2/8oZPRLXwgkpUYuMd PL+CrCxAmwAFjkhUFZ9IJ7wkFJwQv8CydEo/Kj1MPit8DqA5qX2q7QLKBFKPuTOy EqaBvCcXP4zchEfdODbjxCbxaGuUG1kkYP1JVkpJjC4kFPa7AS3sYECxGCpy8Gb7 8Uj+JaRLHp/cIWJqHAVxYnvv9iUuc1T83L1NJv5hCWZD3i16qaix297foNSV9mrY lAqWxJgvSus5M4Ce4Gt0HARDwzonFB1Kkclpk8PTFxNRmdDDPZUcy7ZoOhvDPHrI qtcIqjVZR6/EpZkms77usa1+rza0NqcLCMqeSNCdqbrFMt9z13xnsuBADVgOJNLm ZtYDnxonyrdJTKNOofldGdMUowcpuXLZT6n1J7XdCfsfpnoPIuoUylFgFcSOsihs eYVIYgGlflnzPKvj7w+YWyRX+0Ed1mowO3eBt/DlAiSdIMna1V6YGZMa1GjhwXVB Bm+IOUPVzHTo+L8ATXkz =KXaN -----END PGP SIGNATURE-----
Current thread:
- CVE Request: owncloud Jamie Strandboge (Nov 30)
- Re: CVE Request: owncloud Kurt Seifried (Nov 30)
- Re: [security] [oss-security] CVE Request: owncloud Lukas Reschke (Nov 30)
- <Possible follow-ups>
- CVE request: ownCloud Lukas Reschke (Dec 21)
- Re: CVE request: ownCloud Kurt Seifried (Dec 21)
- Re: CVE Request: owncloud Kurt Seifried (Nov 30)