oss-sec mailing list archives

Re: CVE Request: owncloud


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 30 Nov 2012 11:12:53 -0700

On 11/30/2012 08:29 AM, Jamie Strandboge wrote:
> Owncloud 4.5.2 and 4.0.9 have a few security fixes:
> http://owncloud.org/changelog/
>
> Specifically:
> - Multiple XSS vulnerabilities (oC-SA-2012-001)
>
> http://owncloud.org/security/advisories/oc-sa-2012-001/

Please use CVE-2012-5606 for this issue.

> - Timing attack in the “Lost Password” implementation
> (oC-SA-2012-002)
>
> http://owncloud.org/security/advisories/oc-sa-2012-002/

Please use CVE-2012-5607 for this issue.

> - XSS vulnerability in user_webdavauth (oC-SA-2012-003)
>
> http://owncloud.org/security/advisories/oc-sa-2012-003/

Please use CVE-2012-5608 for this issue.

> - Code Execution in /lib/migrate.php (oC-SA-2012-004)
>
> http://owncloud.org/security/advisories/oc-sa-2012-004/

Please use CVE-2012-5609 for this issue.

> - Code Execution in /lib/filesystem.php (oC-SA-2012-005)
>
> http://owncloud.org/security/advisories/oc-sa-2012-005/

Please use CVE-2012-5610 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
