oss-sec mailing list archives
owncloud 5.0.8 and 4.5.13 (oC-SA-2013-029 and oC-SA-2013-030) - CVE assignments?
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 5 Aug 2013 23:33:38 +0200
Hi

(not a CVE request per se, more to clarify/ask back):

Owncloud 4.5.13 and 5.0.8 fixed both bugs marked SECURITY at [1].

[1] http://owncloud.org/releases/Changelog

Release "5.0.8"
July 9. 2013
- SECURITY: XSS vulnerability in "Share Interface" (oC-SA-2013-029)
- SECURITY: Authentication bypass in "user_webdavauth" (oC-SA-2013-030)
- New anonymous upload feature
- Fix syncing of external filesystems
- External filesystems performance improvements
- Improve compatibility with Oracle
- Improved and simplified theming
- Internet explorer 8 fixes
- Fixes for partial file uploads
- LDAP: fix handling of User and Group Bases
- Improved and more robust upgrade system
- A lot of encryption system fixes
- Do not add groups if user has no groups
- Several Contacts fixes
- A lot of smaller bugfixes all over the place
Download: http://download.owncloud.org/community/owncloud-5.0.8.tar.bz2
MD5: http://download.owncloud.org/community/owncloud-5.0.8.tar.bz2.md5
-------------------------------
Release "4.5.13"
July 9. 2013
- SECURITY: Authentication bypass in "user_webdavauth" (oC-SA-2013-030)
- Fixed deleting old files versions
Download: http://download.owncloud.org/community/owncloud-4.5.13.tar.bz2
MD5: http://download.owncloud.org/community/owncloud-4.5.13.tar.bz2.md5

Looking at [2] there is no reference to oC-SA-2013-029 and oC-SA-2013-030 and CVE assignments for these issues. Were they already requested? (Cc'ing also the security () owncloud com team, reading from [3] it's not clear if they were already assigned).

But the following might be emphasized (from [3]):

[11:38:54] <AnybodyElse> Luigi12_work: I'll release them as soon as possible. Sorry. I'm actually *very* busy with my job.
[11:40:00] <AnybodyElse> Luigi12_work: that said: the vulnerabilities aren't really severe and only exploitable in some very special and unusuable setups

[2] http://owncloud.org/about/security/advisories/
[3] https://bugs.mageia.org/show_bug.cgi?id=10763#c8

Regards,
Salvatore