Hi,

On Tuesday 12 July 2022 at 12:10:27+0200, Moritz Mühlenhoff wrote:
> Source: owncloud-client
> X-Debbugs-CC: t...@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for owncloud-client.
>
> CVE-2021-44537[0]:
> | ownCloud owncloud/client before 2.9.2 allows Resource Injection by a
> | server into the desktop client via a URL, leading to remote code
> | execution.
>
> https://owncloud.com/security-advisories/cve-2021-44537/
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2021-44537
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44537
>
> Please adjust the affected versions in the BTS as needed.

Sorry for not including this bug report and CVE in my 2.11.0.8354 release. I had it in mind in July and things fell off because of summer holiday and then I forgot about it.

That being said, the 2.11.0.8354 version is not vulnerable, which is at least a good thing.

I added a fixed-in entry on the bug. If I can do something else to make sure the security tracker is happy, please do tell.

Cheers!

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for principles than to live up to them.