Your message dated Fri, 04 Jan 2013 20:49:16 +0000 with message-id <e1treca-0006o6...@franck.debian.org> and subject line Bug#696574: fixed in owncloud 4.0.8debian-1.3 has caused the Debian Bug report #696574, regarding owncloud: multiple security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: owncloud Severity: grave Tags: security Justification: user security hole -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, the following vulnerabilities were published for owncloud. CVE-2012-5665[0]: Auth bypass in user_webdavauth and user_ldap CVE-2012-5666[1]: XSS vulnerability in bookmarks If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5665 http://security-tracker.debian.org/tracker/CVE-2012-5665 http://owncloud.org/security/advisories/oc-sa-2012-006/ [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5666 http://security-tracker.debian.org/tracker/CVE-2012-5666 http://owncloud.org/security/advisories/oc-sa-2012-007/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore - -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQ1lyVAAoJEHidbwV/2GP+H7oP/jCMxzBDSJ2kMMWB9l3bOpBk MmDe/xb4JGmQCP+HCDLq7xix5ex8TdbRnkQTIT7NmalYRyckXezoyAc/OdvfUFIN 0h80zYpKmn/PrHTmPtrJZWQUv413wvXp5vXszoaSfq5eknao9avKdKux8JDCkbW0 Vivx8iEBHqq8mCPR1w6XLK62QCLB53dMigG1c7AnvmEysJh685v87z203TisV1cQ FfRiYv2a4qrfMEXm9/GqEYaZKHhOo/10Wra5rJDFtT2Q6EPTJc22jFg+w5x+vhwt KkC5dpw6KQZwVc3uswknskACoc3jVcEG2FsTVCg7exrP/TwEDXv8jVPGBWrJMcl2 OIwHRfTneoDMyaK0JB2bSwkjlsyOCusTCn6Ym6Y8czTd80f2pHdp9PdOxEeKVYIY Apjf7+FIRM9gEY4nHqE0jefZKJvDoG1nw+4Wd7fGuoySBzlvdGyTlUm9If4WepRu lkL2NV0OQGTLypBvgCr4TPwd6M9w04NwCDuFcxhOH10dG4DiqkxzjWq2+TcUWxwA Hvuw9JPQKuoQB1SblzlUDM0WoymElIAySEUqWZzG1X8Qj7ynHzy6SFA3JltIBKVq Q+qmkWybOSDwoCmLbU2Ap4gbMBxvJlMBmGBixY8UWHyLKcDuayo+mDe9E6tnqo6m 2IMiN2UW6YFu4dZklbcI =rJIS -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: owncloud Source-Version: 4.0.8debian-1.3 We believe that the bug you reported is fixed in the latest version of owncloud, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luca Falavigna <dktrkr...@debian.org> (supplier of updated owncloud package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 28 Dec 2012 20:20:56 +0100 Source: owncloud Binary: owncloud owncloud-mysql owncloud-sqlite Architecture: source all Version: 4.0.8debian-1.3 Distribution: unstable Urgency: high Maintainer: ownCloud for Debian maintainers <pkg-owncloud-maintain...@lists.alioth.debian.org> Changed-By: Luca Falavigna <dktrkr...@debian.org> Description: owncloud - cloud storage for files, music, contacts, calendars and many more owncloud-mysql - meta-package providing MySQL dependencies for ownCloud owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud Closes: 696574 Changes: owncloud (4.0.8debian-1.3) unstable; urgency=high . * Non-maintainer upload. * Multiple security fixes (Closes: #696574): + debian/patches/10_oc-sa-2012-006.patch: - CVE-2012-5665: Auth bypass in user_webdavauth and user_ldap + debian/patches/11_oc-sa-2012-007.patch: - CVE-2012-5666: XSS vulnerability in bookmarks Checksums-Sha1: d1c5f338b996cc3d093812604fbc2b5ea8a010b5 2149 owncloud_4.0.8debian-1.3.dsc cad46ae8756163e854c53d76e144cf7c4b331df4 41623 owncloud_4.0.8debian-1.3.debian.tar.gz cfdec4bd32a953f3f0279e89fa82fdcc151d73bd 2209388 owncloud_4.0.8debian-1.3_all.deb 6a0f632f6acf6b90b2c4a713897263ae75566d77 29428 owncloud-mysql_4.0.8debian-1.3_all.deb fb37e908b8f5c97d7e26ae960f498dfb61083794 54430 owncloud-sqlite_4.0.8debian-1.3_all.deb Checksums-Sha256: 1aac390ddfa21dca644d7b4a65b4829c0a771666846a4a41121619b4aedd37c1 2149 owncloud_4.0.8debian-1.3.dsc 1edfdce3219c48f5c9eb70d4ffbc04840aeb8a77f17f72b751538137108aa3a2 41623 owncloud_4.0.8debian-1.3.debian.tar.gz 8171c1754cf0a44e1bf0de82c7c79d12cffa7712ed973feb56baf1bf94a28761 2209388 owncloud_4.0.8debian-1.3_all.deb e9569bbf0cec2a6b71584e63f37a82302c3f54aeccf5deae462afd18b18c90d6 29428 owncloud-mysql_4.0.8debian-1.3_all.deb da71aed4d34b983accd73658c2d3e7ef6253d60c94c9df55202010267d0ccfa8 54430 owncloud-sqlite_4.0.8debian-1.3_all.deb Files: eeca2369a2a4619eac018e28d5fd9378 2149 web extra owncloud_4.0.8debian-1.3.dsc 2971ddcfb3bc53651b56e21dd1fb53e9 41623 web extra owncloud_4.0.8debian-1.3.debian.tar.gz 77d99bf824ee6eb55f31ee60ca3ad664 2209388 web extra owncloud_4.0.8debian-1.3_all.deb 4478e1678cb78ea5c75e8a27dd71f476 29428 web extra owncloud-mysql_4.0.8debian-1.3_all.deb 4ce7a824f55781b7e47871fb5fa9701f 54430 web extra owncloud-sqlite_4.0.8debian-1.3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQ3fMBAAoJEEkIatPr4vMfSEcP/RDnpMqFSXARHPJLR1i0+We4 6yqUZiBn/NUK9XaNeVba4UkczRk37qrdfbPAwEivVhWZ/8MX/e1sTbm4qovn4UWa N6jqUrgYAPEpbXku7zPrc6k7NgGbfthUAcCTHVz86JXSAaD183S9LZGghG+IODgl hPN7p05nxXH+Ya3NmzSyRVuQLs7RZ4U9+lSIrrgUwLwIskRJzyruqx5FMh8KHs5F eoGU42Usn/CClPXKr2EfC/OW8FKpvXXpv05UEq9+1Fv4HRF8yK9eu6jU16oNKcNA tc8aCXKZKRJdhUEa2IYzc/A3dxPTSOwLHu6Ps8seo9UHi1k5yOfftZFT98jXLp1L NR2IV5WwDhThMZ3o/BuV7U1RXlTG7k8SbhITxaK9GYPTVJW4CJsmyDrXN0Sh4nmU oNLYzxfPwv3K8oexuv/v1JPKm7g4BJlL5U0wYJCPzYRGpBF8RJg9neU3S5zCEOIJ 0V83QatlS0/OjKysw028BrATcvcoLBgf5Cz3BKYW7bM9H5j6n0NgEy7we5vp1MfX swe/AC+bZdna9U6/7VC7ICrVJYxvdbZx5Z84PCJLET1J3brLTsO0NTAYBjJXgq2o V6JDSr6ngJfVEtpJ99u2el2aP1IJ43NlnSdqd/peoaeUgH8iUnoCkjeUorDc22fb qZD2WT2xJsM2nQHTmGSM =iJHJ -----END PGP SIGNATURE-----
--- End Message ---
