Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Nov 2012 11:12:53 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jamie Strandboge <jamie@...onical.com>, security@...cloud.org
Subject: Re: CVE Request: owncloud

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/30/2012 08:29 AM, Jamie Strandboge wrote:
> Owncloud 4.5.2 and 4.0.9 has a few security fixes: 
> http://owncloud.org/changelog/
> 
> Specifically: - Multiple XSS vulnerabilities (oC-SA-2012-001)

http://owncloud.org/security/advisories/oc-sa-2012-001/
Please use CVE-2012-5606 for this issue.

> - Timing attack in the “Lost Password” implementation
> (oC-SA-2012-002)

http://owncloud.org/security/advisories/oc-sa-2012-002/
Please use CVE-2012-5607 for this issue.

> - XSS vulnerability in user_webdavauth (oC-SA-2012-003)

http://owncloud.org/security/advisories/oc-sa-2012-003/
Please use CVE-2012-5608 for this issue.

> - Code Execution in /lib/migrate.php (oC-SA-2012-004)

http://owncloud.org/security/advisories/oc-sa-2012-004/
Please use CVE-2012-5609 for this issue.

> - Code Execution in /lib/filesystem.php (oC-SA-2012-005)

http://owncloud.org/security/advisories/oc-sa-2012-005/
Please use CVE-2012-5610 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQuPclAAoJEBYNRVNeJnmTlGoQAJiRk2ucXjqxrB1+lBVZq5wz
CFQ0t9e+cJlGiBMwOPEgGKmsXr5Tj6wLQ4E+S0CSy8+MDpvpOIas/WJyIRPH94s2
hTuYnCCoaoA0pe0WrF/8Fv/eEqN3xZzjbStm3Iv4iAIkSNA9iDQNqR9yJUu/fDHa
NFpwwjT7DAuqIYT0/jASVvQy5rcm47bGVtdE438T9+OJoi2/8oZPRLXwgkpUYuMd
PL+CrCxAmwAFjkhUFZ9IJ7wkFJwQv8CydEo/Kj1MPit8DqA5qX2q7QLKBFKPuTOy
EqaBvCcXP4zchEfdODbjxCbxaGuUG1kkYP1JVkpJjC4kFPa7AS3sYECxGCpy8Gb7
8Uj+JaRLHp/cIWJqHAVxYnvv9iUuc1T83L1NJv5hCWZD3i16qaix297foNSV9mrY
lAqWxJgvSus5M4Ce4Gt0HARDwzonFB1Kkclpk8PTFxNRmdDDPZUcy7ZoOhvDPHrI
qtcIqjVZR6/EpZkms77usa1+rza0NqcLCMqeSNCdqbrFMt9z13xnsuBADVgOJNLm
ZtYDnxonyrdJTKNOofldGdMUowcpuXLZT6n1J7XdCfsfpnoPIuoUylFgFcSOsihs
eYVIYgGlflnzPKvj7w+YWyRX+0Ed1mowO3eBt/DlAiSdIMna1V6YGZMa1GjhwXVB
Bm+IOUPVzHTo+L8ATXkz
=KXaN
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.