A member of the Owncloud security team is in contact with MITRE in order to close this CVE as it's invalid due to unclear changelog entries.
I'll keep you informed. THX, Tom Am Mittwoch, dem 19.09.2012 um 17:32 schrieb Moritz Muehlenhoff: > Package: owncloud > Severity: grave > Tags: security > Justification: user security hole > > Hi, > CVE-2012-4753 is still unfixed in Wheezy: > http://www.openwall.com/lists/oss-security/2012/09/05/17 > > It's not clear, which CSRF fixes were fixed in 4.0.5, so please > contact upstream to identify the specific fixes and introduce > them in another tpu upload. > > Cheers, > Moritz > > _______________________________________________ > Pkg-owncloud-maintainers mailing list > pkg-owncloud-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/pkg-owncloud-maintainers -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
