Your message dated Tue, 11 Dec 2012 23:18:21 +0000
with message-id <e1tiz5h-0005vq...@franck.debian.org>
and subject line Bug#693990: fixed in owncloud 4.0.4debian2-3.1
has caused the Debian Bug report #693990,
regarding owncloud: Multiple security issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
693990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693990
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: owncloud
Version: 4.0.8debian-1.1
Severity: important
Tags: security
Owncloud 4.5.2 and 4.0.9 have a few security fixes:
http://owncloud.org/changelog/
1) Multiple XSS vulnerabilities (oC-SA-2012-001) CVE-2012-5606
2) Timing attack in the "Lost Password" implementation (oC-SA-2012-002)
CVE-2012-5607
3) XSS vulnerability in user_webdavauth (oC-SA-2012-003) CVE-2012-5608
4) Code Execution in /lib/migrate.php (oC-SA-2012-004) CVE-2012-5609
5) Code Execution in /lib/filesystem.php (oC-SA-2012-005) CVE-2012-5610
CVE request: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVEs assigned: http://www.openwall.com/lists/oss-security/2012/11/30/3
- Henri Salo
--- End Message ---
--- Begin Message ---
Source: owncloud
Source-Version: 4.0.4debian2-3.1
We believe that the bug you reported is fixed in the latest version of
owncloud, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 693...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Banck <mba...@debian.org> (supplier of updated owncloud package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 05 Dec 2012 21:25:00 +0100
Source: owncloud
Binary: owncloud owncloud-mysql owncloud-sqlite
Architecture: source all
Version: 4.0.4debian2-3.1
Distribution: testing
Urgency: high
Maintainer: Michael Banck <mba...@debian.org>
Changed-By: Michael Banck <mba...@debian.org>
Description:
owncloud - cloud storage for files, music, contacts, calendars and many more
owncloud-mysql - meta-package providing MySQL dependencies for ownCloud
owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud
Closes: 693990
Changes:
owncloud (4.0.4debian2-3.1) testing-proposed-updates; urgency=high
.
* Non-maintainer upload, fixes several security issues (Closes: #693990).
* debian/patches/06_oc-sa-2012-001.patch: Fix multiple XSS vulnerabilities.
* debian/patches/07_oc-sa-2012-002.patch: Fix timing attack.
* debian/patches/08_oc-sa-2012-004.patch: Fix code execution in migrate.php.
* debian/patches/09_oc-sa-2012-005.patch: Fix code execution in
filesystem.php.
* debian/patches/07_oc-sa-2012-002.patch: Backport generate_random_bytes()
function from 4.0.8 release.
* debian/patches/06_oc-sa-2012-001.patch: Include escapeHTML() function.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlDHu5UACgkQmHaJYZ7RAb8l/QCeO9WjGj2IebvsCc+/A1pAK5xf
tu4AoLUtcDkdYh14N3GHsVnDXUO9PjpX
=3dkp
-----END PGP SIGNATURE-----
--- End Message ---