Your message dated Fri, 22 Mar 2013 16:32:52 +0000
with message-id <[email protected]>
and subject line Bug#703094: fixed in owncloud 4.0.8debian-1.6
has caused the Debian Bug report #703094,
regarding owncloud: multiple vulnerabilities (oC-SA-2013-009, oC-SA-2013-010)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
703094: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703094
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: owncloud
Severity: grave
Tags: security
Hi,
the following vulnerabilities were published for owncloud.
CVE-2013-1851[0]:
user_migrate: Local file disclosure
CVE-2013-1850[1]:
Contacts: Bypass of file blacklist
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1851
http://security-tracker.debian.org/tracker/CVE-2013-1851
http://owncloud.org/about/security/advisories/oC-SA-2013-010
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1850
http://security-tracker.debian.org/tracker/CVE-2013-1850
http://owncloud.org/about/security/advisories/oC-SA-2013-009
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: owncloud
Source-Version: 4.0.8debian-1.6
We believe that the bug you reported is fixed in the latest version of
owncloud, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated owncloud package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 19 Mar 2013 17:05:08 +0100
Source: owncloud
Binary: owncloud owncloud-mysql owncloud-sqlite
Architecture: source all
Version: 4.0.8debian-1.6
Distribution: unstable
Urgency: low
Maintainer: ownCloud for Debian maintainers
<[email protected]>
Changed-By: gregor herrmann <[email protected]>
Description:
owncloud - cloud storage for files, music, contacts, calendars and many more
owncloud-mysql - meta-package providing MySQL dependencies for ownCloud
owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud
Closes: 703094
Changes:
owncloud (4.0.8debian-1.6) unstable; urgency=low
.
* Non-maintainer upload.
* Fix "multiple vulnerabilities (oC-SA-2013-009, oC-SA-2013-010)":
add patches taken from upstream git:
+ debian/patches/16_oc-sa-2013-010.patch
CVE-2013-1851: user_migrate: Local file disclosure
oC-SA-2013-010, commit edf7162 in stable4 branch
+ debian/patches/17_oc-sa-2013-009.patch
CVE-2013-1850: Contacts: Bypass of file blacklist
oC-SA-2013-009, commit fae5bd3 in stable4 branch
(Closes: #703094)
Checksums-Sha1:
6ea24083c1e4dd8ca29eec69c30eb1d94aae0d14 2149 owncloud_4.0.8debian-1.6.dsc
7b7c4b71a6d2208abcdc027e6761b3dc73cf823b 46601
owncloud_4.0.8debian-1.6.debian.tar.gz
f45f5b04d17b090e8b489a9344ea32b2d0b6f090 2213360
owncloud_4.0.8debian-1.6_all.deb
22b799ca658ca79a0de91ca30370a2c3485eb8fd 29868
owncloud-mysql_4.0.8debian-1.6_all.deb
d48a7591e308121185802dec36c24249e792b4b7 54772
owncloud-sqlite_4.0.8debian-1.6_all.deb
Checksums-Sha256:
11cb8072a4a093eaee81ddcb882b3a34da26422c458f320ef343887ca4d18099 2149
owncloud_4.0.8debian-1.6.dsc
f72d9206efaa7433d75dc8b4a46235664389be51ed6b5c25fecaf87f0507788d 46601
owncloud_4.0.8debian-1.6.debian.tar.gz
2d57546ae9fdb3d29d1ae3471111978d69fd26de0aea7bfc67f7d36951bc3343 2213360
owncloud_4.0.8debian-1.6_all.deb
30fa6f0b1d21d7350e4b00e5dd403ee5971092d1ce5388a88caf94baa5972289 29868
owncloud-mysql_4.0.8debian-1.6_all.deb
27b377b3cc5151648e31fdff81c400daeae3a5acfffd92fea94630bac9894d61 54772
owncloud-sqlite_4.0.8debian-1.6_all.deb
Files:
4246e98801403910eaa4b1637162a78b 2149 web extra owncloud_4.0.8debian-1.6.dsc
bd7850f98eb802c55fd4086f26c91437 46601 web extra
owncloud_4.0.8debian-1.6.debian.tar.gz
027d61180fdffec1c42da7a5ffb61a1e 2213360 web extra
owncloud_4.0.8debian-1.6_all.deb
9fc0043501e28add2168a41078f8fdc4 29868 web extra
owncloud-mysql_4.0.8debian-1.6_all.deb
bbcb7c7b441c68e56ed9ec0c65a1716e 54772 web extra
owncloud-sqlite_4.0.8debian-1.6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRSI0IAAoJELs6aAGGSaoGml4P/3G8nI7CV0pnoCjqiHNoagEb
oL7m4MdcdbbIrG+ByY8THF9iuR7GnWvMQeNtrp8LYHstjUKh2Baq6x/7iEmzQjFA
MKn7KE1bXW8J4qVQD25fyvIFudg+JNydoZuayUtS6GO5nV6yRNn+FUmEEN2gkUB0
Eiz01evuHAPdKcqqUIRlqJe/RVd4UsPnqJe+gcwCozd7fmGvXdyPe7eOEwHAWIuI
RY4MTLJLO4yxXVPULVXC/TkmgdYlHrkF2xiZStP4kg9PIOR5PopPkZdpd1Hg18K9
gIgAZVKsTmKn1DX6d0HPdOOe5YwmCqAaVePjUSMoeJk1ypNAJyIBBLpNJ5A7TWg/
7P5SKls9AFf50AocjDJUqV/NHsBljhQILRkqOvoQOjPtx5dvq1nOfoGNY1zHUYLX
WVypOMGnu1ZOYb0ozCluQOyk7WYA60Zd30RcPvulBVc0HVtwLcESK8J+rUtcEpQ9
ekmqAtOs6vE/7caJL369zjuXYiqayTAaulFK+rrwsN/Q3coSuWEtjkCSVr2ehbkc
vg5kNszEYWh7bWHrbnL7/JmH/XxkGH41/R/8IA5mGgQyEtBLSxM9rG/UDTZR93Wu
jGjetTPtegvI7aCxvMijZFPYDlUauLsas1IUK8G8N0cOPB7k1NZwCefGZ00j8tm8
5ELZxipAl+SCPaD+AVSk
=E7p3
-----END PGP SIGNATURE-----
--- End Message ---
