Bug#693990: marked as done (owncloud: multiple security issues)

[Debian Bug Tracking System]

Your message dated Sun, 25 Nov 2012 17:02:55 +0000
with message-id <e1tcfbb-0000bq...@franck.debian.org>
and subject line Bug#693990: fixed in owncloud 4.0.8debian-1.1
has caused the Debian Bug report #693990,
regarding owncloud: multiple security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
693990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693990
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: owncloud
Severity: grave
Tags: security

The new upstream release 4.0.9 / 4.5.2 fixes multiple security issues.
>From the changelog[1]:

  [1] <http://owncloud.org/changelog/>

----
Version 4.0.9 Nov 14th 2012

    Several critical security fixes
    Multiple XSS vulnerabilities (oC-SA-2012-001)
    Timing attack in the “Lost Password” implementation (oC-SA-2012-002)
    Code Execution in /lib/migrate.php (oC-SA-2012-004)
    Code Execution in /lib/filesystem.php (oC-SA-2012-005)
----

More details seem to be available here:

    http://owncloud.org/security/advisories/oC-SA-2012-001
    http://owncloud.org/security/advisories/oC-SA-2012-002
    http://owncloud.org/security/advisories/oC-SA-2012-004
    http://owncloud.org/security/advisories/oC-SA-2012-005

Please also update the version in wheezy if necessary.

Ansgar

--- End Message ---

--- Begin Message ---

Source: owncloud
Source-Version: 4.0.8debian-1.1

We believe that the bug you reported is fixed in the latest version of
owncloud, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 693...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Banck <mba...@debian.org> (supplier of updated owncloud package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 25 Nov 2012 12:26:01 +0100
Source: owncloud
Binary: owncloud owncloud-mysql owncloud-sqlite
Architecture: source all
Version: 4.0.8debian-1.1
Distribution: unstable
Urgency: high
Maintainer: Michael Banck <mba...@debian.org>
Changed-By: Michael Banck <mba...@debian.org>
Description: 
 owncloud   - cloud storage for files, music, contacts, calendars and many more
 owncloud-mysql - meta-package providing MySQL dependencies for ownCloud
 owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud
Closes: 693990
Changes: 
 owncloud (4.0.8debian-1.1) unstable; urgency=high
 .
   * Non-maintainer upload, fixes several security issues (Closes: #693990).
   * debian/patches/06_oc-sa-2012-001.patch: Fix multiple XSS vulnerabilities.
   * debian/patches/07_oc-sa-2012-002.patch: Fix timing attack.
   * debian/patches/08_oc-sa-2012-004.patch: Fix code execution in migrate.php.
   * debian/patches/09_oc-sa-2012-005.patch: Fix code execution in
     filesystem.php.
Checksums-Sha1: 
 1aca1b651f9cc278170650abada9cb6c50df96f9 1509 owncloud_4.0.8debian-1.1.dsc
 0ee17be485c703f86e019b43e32493274f4047f0 40371 
owncloud_4.0.8debian-1.1.debian.tar.gz
 04efbd284ef6f48e65b53bbcbb1ebe8fb76df8ac 2208058 
owncloud_4.0.8debian-1.1_all.deb
 05b5129c2e517c0d1ab9ee1df87eaf898f851a8c 29284 
owncloud-mysql_4.0.8debian-1.1_all.deb
 0bce3724940a85bd250fb8dfb18f59c48cd67b43 54740 
owncloud-sqlite_4.0.8debian-1.1_all.deb
Checksums-Sha256: 
 18f13dc8d3a22578a1451dac0af2778eca0b6c37da082ce3525830b0a55243e1 1509 
owncloud_4.0.8debian-1.1.dsc
 59af490000561944551ccdad655907ea19fa93153b86a5390abe441917a4a413 40371 
owncloud_4.0.8debian-1.1.debian.tar.gz
 610c4fe234b6dfa9cd3ae1460329ede91a01623aaf188e91a76cce05fc37cecf 2208058 
owncloud_4.0.8debian-1.1_all.deb
 3cb1cfe26ea6df77b334a754f953991c77f81dc868f937d0b98d7a09dfdd7390 29284 
owncloud-mysql_4.0.8debian-1.1_all.deb
 d976c40b0611c98872f2ba2e90d94450a9934e787a70e68121ef8e75a4a0a116 54740 
owncloud-sqlite_4.0.8debian-1.1_all.deb
Files: 
 d1f73052165f77ac9a0c4ec516004e37 1509 web extra owncloud_4.0.8debian-1.1.dsc
 80d6bb011bedfaa5807507ee4d7a7f20 40371 web extra 
owncloud_4.0.8debian-1.1.debian.tar.gz
 ecff5689768490859832632b40ef3545 2208058 web extra 
owncloud_4.0.8debian-1.1_all.deb
 9c546704cf280febcfccdaabbf125c46 29284 web extra 
owncloud-mysql_4.0.8debian-1.1_all.deb
 5e25857aede73ec01620860b2718923f 54740 web extra 
owncloud-sqlite_4.0.8debian-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlCySpoACgkQmHaJYZ7RAb8ugACcCn3LjHUwhjuZyg75keCcQEvl
5egAniXAG2aoyc0Grk/TabqGf0uTiaJX
=UFhy
-----END PGP SIGNATURE-----

--- End Message ---