Bug#701115: marked as done (owncloud: multiple vulnerabilities (oC-SA-2013-003, oC-SA-2013-004, oC-SA-2013-006))

Wed, 06 Mar 2013 11:36:15 -0800 

Your message dated Wed, 06 Mar 2013 19:32:50 +0000
with message-id <e1udk54-0002hl...@franck.debian.org>
and subject line Bug#701115: fixed in owncloud 4.0.8debian-1.5
has caused the Debian Bug report #701115,
regarding owncloud: multiple vulnerabilities (oC-SA-2013-003, oC-SA-2013-004, 
oC-SA-2013-006)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
701115: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701115
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: owncloud
Severity: grave
Tags: security

Hi

Another owncloud advisory announcing multiple XSS vulnerabilities in
owncloud was released. See [1] for more details.

 [1]: http://owncloud.org/about/security/advisories/oC-SA-2013-003/

Assigned CVE's are:

CVE-2013-0297, CVE-2013-0307 (4.0 & 4.5)
CVE-2013-0298 (4.5)

Please include the relevant CVEs in the changelog when updating the
package.

The update for testing needs to go trough t-p-u, as version from
unstable cannot migrate.

Can you prepare fixed packages?

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: owncloud
Source-Version: 4.0.8debian-1.5

We believe that the bug you reported is fixed in the latest version of
owncloud, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 701...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Prach Pongpanich <prach...@gmail.com> (supplier of updated owncloud package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 27 Feb 2013 11:38:52 +0700
Source: owncloud
Binary: owncloud owncloud-mysql owncloud-sqlite
Architecture: source all
Version: 4.0.8debian-1.5
Distribution: unstable
Urgency: low
Maintainer: ownCloud for Debian maintainers 
<pkg-owncloud-maintain...@lists.alioth.debian.org>
Changed-By: Prach Pongpanich <prach...@gmail.com>
Description: 
 owncloud   - cloud storage for files, music, contacts, calendars and many more
 owncloud-mysql - meta-package providing MySQL dependencies for ownCloud
 owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud
Closes: 701115
Changes: 
 owncloud (4.0.8debian-1.5) unstable; urgency=low
 .
   * Non-maintainer upload.
   * Multiple security fixes (Closes: #701115):
     + debian/patches/13_oc-sa-2013-003.patch:
       - CVE-2013-0297 and CVE-2013-0307: XSS vulnerability
     + debian/patches/14_oc-sa-2013-004.patch:
       - CVE-2013-0299 and CVE-2013-0301: Multiple CSRF vulnerabilities
     + debian/patches/15_oc-sa-2013-006.patch:
       - CVE-2013-0303: Multiple code executions
Checksums-Sha1: 
 695283fefa747cd5d7178fbdc391b9c006d4d341 2149 owncloud_4.0.8debian-1.5.dsc
 aee5c1b129979574d115b43f43cca156e86baade 44811 
owncloud_4.0.8debian-1.5.debian.tar.gz
 e42d6b3a0f3a8419cb6dfb8265f6e06aa10e5407 2212818 
owncloud_4.0.8debian-1.5_all.deb
 fe9b5e400e54ab62536eda8f6677bec5308c16b6 29676 
owncloud-mysql_4.0.8debian-1.5_all.deb
 c3edb2f6de18d6571cee9cc794cb9da8be8ba5a5 54564 
owncloud-sqlite_4.0.8debian-1.5_all.deb
Checksums-Sha256: 
 e135b9b3e37ee010286715271f31aa07d2462e7633ec92908c3ab5be62ff90a6 2149 
owncloud_4.0.8debian-1.5.dsc
 d7e1eed25a7858d31cc1488264f604e59f2a56db80d9a22a563fb1c872d982a8 44811 
owncloud_4.0.8debian-1.5.debian.tar.gz
 0f2dadf10e2ecae5817706f52b88e191f6f4883a9f0d53c5c54555beee15a65a 2212818 
owncloud_4.0.8debian-1.5_all.deb
 60d3f5b4763a6fe69aa666f7c247ae0e1f8769e04dda12e2ebbedc820ddc62c2 29676 
owncloud-mysql_4.0.8debian-1.5_all.deb
 f5cf3e1edb595e975708968bb7d611b0de4fd103263edee78aa0a98869becb45 54564 
owncloud-sqlite_4.0.8debian-1.5_all.deb
Files: 
 6bc4ce26252ae0a9cee126de59cd03ae 2149 web extra owncloud_4.0.8debian-1.5.dsc
 11f22ba4f76381161912598c76efd1a5 44811 web extra 
owncloud_4.0.8debian-1.5.debian.tar.gz
 c547baaacbf7a43ff745bce806ab6110 2212818 web extra 
owncloud_4.0.8debian-1.5_all.deb
 7333368186692ff725672a4ea5d06815 29676 web extra 
owncloud-mysql_4.0.8debian-1.5_all.deb
 ad9b868d528abcb9cec692db03cc771d 54564 web extra 
owncloud-sqlite_4.0.8debian-1.5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRNPJBAAoJELs6aAGGSaoGvv8P/R2lTzW/O7Hq+azFw6lLtXDB
9kOasH/xUCRM7H3sZELrUYwN1vbbW0pCBE8OPgC2QbeHxXgwumrmYUeXchNDksWZ
LIuYAxFOsVaBKE1JrcABWwdcG/Bg1vZN9X0LZablvWm30ImfCNJ+H0ntMiPKQ8bv
XlF8VAqgDZiah2W4Uh9ejmb7oT7d7RVigQZhhVJSYAKJjDEhtaEmrMwJFrTXhDJr
eq/XLhGaTH+mmBUHR6maZZohLA8xTjOL/cjv3F3hAccBq8FiDNLZ84KRKo5mlc11
f2jfYGLQVpFOLIXy0rxUr5OHTKNkuqZk354Eog74DMHw/kYeKJxxqDZ30kouevKf
huy8Y6zwO5zDPCG+sUUvhZiMP1P/fzJMaWzIBNislfIU7TT1IrOAeHci+5WFbWsZ
uPBFGydOmBfS2KSJ+xM6i6wckV3mjzLTIQlM0HAaMUskpQbrimRHXU9UB4s94lNT
Ht7v6S7A4FtX9H+3vfDm19hF/R9zSzedvXGXY3AzJ6jE6VlKy/D3hBMl4hJH1SN7
Wz5cz9PJB4PPh2p73Xf/RFiSuBbEIznxsazUUkLxYiszKZMeQ5bsPCLRmhpot+ce
X+d5Yab5C9n8FTHxuMJMZe4HTCTxBhXahZp00au33JoPBIZu6b1F+qrQNKEvmcKV
yD/qL9KkFz3JaFTiC4/W
=RxE+
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to