Your message dated Fri, 04 Jan 2013 23:32:32 +0000 with message-id <e1trgka-0003ah...@franck.debian.org> and subject line Bug#696574: fixed in owncloud 4.0.4debian2-3.2 has caused the Debian Bug report #696574, regarding owncloud: multiple security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 696574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: owncloud Severity: grave Tags: security Justification: user security hole -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, the following vulnerabilities were published for owncloud. CVE-2012-5665[0]: Auth bypass in user_webdavauth and user_ldap CVE-2012-5666[1]: XSS vulnerability in bookmarks If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5665 http://security-tracker.debian.org/tracker/CVE-2012-5665 http://owncloud.org/security/advisories/oc-sa-2012-006/ [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5666 http://security-tracker.debian.org/tracker/CVE-2012-5666 http://owncloud.org/security/advisories/oc-sa-2012-007/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore - -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJQ1lyVAAoJEHidbwV/2GP+H7oP/jCMxzBDSJ2kMMWB9l3bOpBk MmDe/xb4JGmQCP+HCDLq7xix5ex8TdbRnkQTIT7NmalYRyckXezoyAc/OdvfUFIN 0h80zYpKmn/PrHTmPtrJZWQUv413wvXp5vXszoaSfq5eknao9avKdKux8JDCkbW0 Vivx8iEBHqq8mCPR1w6XLK62QCLB53dMigG1c7AnvmEysJh685v87z203TisV1cQ FfRiYv2a4qrfMEXm9/GqEYaZKHhOo/10Wra5rJDFtT2Q6EPTJc22jFg+w5x+vhwt KkC5dpw6KQZwVc3uswknskACoc3jVcEG2FsTVCg7exrP/TwEDXv8jVPGBWrJMcl2 OIwHRfTneoDMyaK0JB2bSwkjlsyOCusTCn6Ym6Y8czTd80f2pHdp9PdOxEeKVYIY Apjf7+FIRM9gEY4nHqE0jefZKJvDoG1nw+4Wd7fGuoySBzlvdGyTlUm9If4WepRu lkL2NV0OQGTLypBvgCr4TPwd6M9w04NwCDuFcxhOH10dG4DiqkxzjWq2+TcUWxwA Hvuw9JPQKuoQB1SblzlUDM0WoymElIAySEUqWZzG1X8Qj7ynHzy6SFA3JltIBKVq Q+qmkWybOSDwoCmLbU2Ap4gbMBxvJlMBmGBixY8UWHyLKcDuayo+mDe9E6tnqo6m 2IMiN2UW6YFu4dZklbcI =rJIS -----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---Source: owncloud Source-Version: 4.0.4debian2-3.2 We believe that the bug you reported is fixed in the latest version of owncloud, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 696...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Luca Falavigna <dktrkr...@debian.org> (supplier of updated owncloud package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 04 Jan 2013 23:30:46 +0100 Source: owncloud Binary: owncloud owncloud-mysql owncloud-sqlite Architecture: source all Version: 4.0.4debian2-3.2 Distribution: testing-proposed-updates Urgency: high Maintainer: ownCloud for Debian maintainers <pkg-owncloud-maintain...@lists.alioth.debian.org> Changed-By: Luca Falavigna <dktrkr...@debian.org> Description: owncloud - cloud storage for files, music, contacts, calendars and many more owncloud-mysql - meta-package providing MySQL dependencies for ownCloud owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud Closes: 696574 Changes: owncloud (4.0.4debian2-3.2) testing-proposed-updates; urgency=high . * Non-maintainer upload. * Multiple security fixes (Closes: #696574): + debian/patches/10_oc-sa-2012-006.patch: - CVE-2012-5665: Auth bypass in user_webdavauth and user_ldap + debian/patches/11_oc-sa-2012-007.patch: - CVE-2012-5666: XSS vulnerability in bookmarks Checksums-Sha1: bde694f3dc63daaf6f8b60e52704a11e69ddb9a2 2156 owncloud_4.0.4debian2-3.2.dsc 155de09a9fc8af1b5682d075c962d6f10f99f5d1 49113 owncloud_4.0.4debian2-3.2.debian.tar.gz 2dd89c77b62674eb568cf0f6687f0a9947c0f7d1 2209732 owncloud_4.0.4debian2-3.2_all.deb 2e3038215500a9b135077507eb85bdea1c478759 31806 owncloud-mysql_4.0.4debian2-3.2_all.deb f104a5d9d1db894d88124b6dac3dd236c5f10578 56886 owncloud-sqlite_4.0.4debian2-3.2_all.deb Checksums-Sha256: 44a916e06499f4238773f1e966e5ec3828fe631e293f71f4e854620f2208aa24 2156 owncloud_4.0.4debian2-3.2.dsc a3e507edad53dffa22444083dc4211384dd8abc40842c025e5404b480ff4227d 49113 owncloud_4.0.4debian2-3.2.debian.tar.gz 118704ea58ed75bb2494f6a4bb8cfcf03f97c3f2655db3cab80e8b326cdb31d4 2209732 owncloud_4.0.4debian2-3.2_all.deb b20a5ba54aca0c265c783fa46b43d170116d182114d68ff8d7b2f98825a6bc5e 31806 owncloud-mysql_4.0.4debian2-3.2_all.deb ea93e1844cdf04e32a2f89ac03d159be8f5266ae9d1772fc2301c6dcdb82f498 56886 owncloud-sqlite_4.0.4debian2-3.2_all.deb Files: 03e5c85860fa7e1e5dfb0a197882e97a 2156 web extra owncloud_4.0.4debian2-3.2.dsc 5fcb2c2fbb6b302f0c0294d46ca28767 49113 web extra owncloud_4.0.4debian2-3.2.debian.tar.gz 75ed6ef26e96a926da1bdcc4c00fee42 2209732 web extra owncloud_4.0.4debian2-3.2_all.deb a9a25dac3c789d967ac9beac7b33f2a8 31806 web extra owncloud-mysql_4.0.4debian2-3.2_all.deb 6f2085dde4ca1cd1b6b3a44a4be82905 56886 web extra owncloud-sqlite_4.0.4debian2-3.2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQ52VfAAoJEEkIatPr4vMfrCEP/0p5ebbtIv3+piT2TScNxyKq OMLfD0Efi9xBUHwlYDAkqBS7yIEliVeydvixeDAxCJudHXF5WcItxM9faidbHrnF rNd3mRpT9Q9tfF6U9JyT7LUSQJr9e3ud17C+iQn1vH1jgvwCCuHh5jLfxxwKZXD+ aaS4/lpMhxHPcE9wpeIEi+HXQ5IBII4rE/RAnt76ofzlhVHAi62tSNBk6Kjg+SsJ 0Qps/lWuqmwLvaKuHfmPvj+QEiEvX+DgWftDMql0+ObOdLBKFNqx2n6XftN26Fv4 cAdA4c4yhPZMDvWp8JIidgoprjorM3RA34EE4nG9GTMPFwHxWFfzNdttDUiswJrd NGre6QX3xe17SSmqENnA/rp+Y3i2gaoBuMo6fsSX0rzDejWrSBt1h8xvKBOkQFQ1 J9zPqdFFk+/Bua+AkBQmDfV9SkkZHE8caVkMnp0yzuKhfQSwyWDAQcc6zCbnCW6J q8miAfd9VPVgkq4QR4D9DO8qrCEcxk7b2VP8GXlhXmosfnL+caHr63UELU/ZFtF+ 3K8pi03Kwvrj3q7J7a9ymZuF98PFkChq0n9CfjCbseT5sEVzHqxyC6St8IX0iOcx 3wjPHhcBjeucm8G8Fok+eIJVOV1I09w57KGzP51tGah7eXJZqtmKCD5ucamcBGIF 0Qtm+Hikyt/TbIEgxa9g =xvaj -----END PGP SIGNATURE-----
--- End Message ---
