Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 21 Dec 2012 23:49:01 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Lukas Reschke <lukas@...tuscode.ch>
Subject: Re: CVE request: ownCloud

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/21/2012 02:29 PM, Lukas Reschke wrote:
> ownCloud 4.5.5 and 4.0.10 are bringing two security fixes: 
> http://owncloud.org/changelog/
> 
> - Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-001)

Please use CVE-2012-5665 for this issue.

> - XSS vulnerability in bookmarks (oC-SA-2012-007)

Please use CVE-2012-5666 for this issue.

> Thanks Lukas
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ1VfdAAoJEBYNRVNeJnmT/sEP/jXElZAErcew5AFir9bcYnhK
wM2ApyIDK4Lf/jp4QSGKYtGvOZqECQ2oPfUd6atYSZfVwvwNqv3qqNRHWiTfnGy/
Mv0m8b/BLq0s3Mjm8ChmOY82OweHLWzV7mzk1U0GWqRT60+TVG5A82E1OzcIsUhf
IH1ph5nEhdop5qolkfrgs44gRj2d11Wqjur21xvXBYr+EKpmG+jU0+Q7+T6/PhRn
y1f7yzvikVk1GByBzfomKv+vBCP/m/t63HC1xgW/zLUlFOrxT70bpCs0sFv81itF
xtJfhDdNnRImIF2DxYROy4jMW/VVdIv1TanEYTsPYWKgtOojYceBPV1027YSx1UP
zLuhJ+BRwsiv/OCFVYbJ7NTapg0hgMykNGb0thNowBmOMmAQwP1TIH/kPRtspWk1
crsgBRrM5CHVkNUgTXZgRki1RSqq38OWyMKsHNH2cYHJBO1/Ri+JGkpU7z2e0/aD
2M9pr1yeqiWcxjWl8FF1CsbXeHGGdn5r4BT+F/rqThocjUFoUnekgTD/ZtXzQmR2
ecQTttmUAB8raK5yJI2fTNW5P4vnaF+CPTlVP1qUkeJSeJ6iJCRjUMcj9NbCojVd
OZew+ts7YQKV6df9fu0BgKDiA9RbgdoUKMHDC4MEgdfpvd91Nplkjo0RFnhXjqdH
pGG3+b4aFBpLCaZXs7m4
=Z0ds
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ