Source: owncloud Severity: grave Tags: security Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, the following vulnerabilities were published for owncloud. CVE-2012-5665[0]: Auth bypass in user_webdavauth and user_ldap CVE-2012-5666[1]: XSS vulnerability in bookmarks If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5665 http://security-tracker.debian.org/tracker/CVE-2012-5665 http://owncloud.org/security/advisories/oc-sa-2012-006/ [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5666 http://security-tracker.debian.org/tracker/CVE-2012-5666 http://owncloud.org/security/advisories/oc-sa-2012-007/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore - -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQ1lyVAAoJEHidbwV/2GP+H7oP/jCMxzBDSJ2kMMWB9l3bOpBk MmDe/xb4JGmQCP+HCDLq7xix5ex8TdbRnkQTIT7NmalYRyckXezoyAc/OdvfUFIN 0h80zYpKmn/PrHTmPtrJZWQUv413wvXp5vXszoaSfq5eknao9avKdKux8JDCkbW0 Vivx8iEBHqq8mCPR1w6XLK62QCLB53dMigG1c7AnvmEysJh685v87z203TisV1cQ FfRiYv2a4qrfMEXm9/GqEYaZKHhOo/10Wra5rJDFtT2Q6EPTJc22jFg+w5x+vhwt KkC5dpw6KQZwVc3uswknskACoc3jVcEG2FsTVCg7exrP/TwEDXv8jVPGBWrJMcl2 OIwHRfTneoDMyaK0JB2bSwkjlsyOCusTCn6Ym6Y8czTd80f2pHdp9PdOxEeKVYIY Apjf7+FIRM9gEY4nHqE0jefZKJvDoG1nw+4Wd7fGuoySBzlvdGyTlUm9If4WepRu lkL2NV0OQGTLypBvgCr4TPwd6M9w04NwCDuFcxhOH10dG4DiqkxzjWq2+TcUWxwA Hvuw9JPQKuoQB1SblzlUDM0WoymElIAySEUqWZzG1X8Qj7ynHzy6SFA3JltIBKVq Q+qmkWybOSDwoCmLbU2Ap4gbMBxvJlMBmGBixY8UWHyLKcDuayo+mDe9E6tnqo6m 2IMiN2UW6YFu4dZklbcI =rJIS -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
