Ah, sorry for the noise. 698737 did not show up on
bugs.debian.org/owncloud and I didn't think to check the src:.
-- John
On 01/31/2013 08:37 AM, Salvatore Bonaccorso wrote:
Control: merge 698737 699441
Hi John
On Thu, Jan 31, 2013 at 07:25:38AM -0600, John Goerzen wrote:
Package: owncloud
Version: 4.0.4debian2-3.2
Severity: grave
Tags: security
Justification: user security hole
The version of owncloud in both testing and unstable contains security
holes.
http://owncloud.org/changelog/ has details. Upstream versions 4.0.11
and 4.5.6 fixed:
* Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202,
CVE-2013-0203
* Security: Removed remoteStorage app because of unfixed security problems.
Yes, owncloud fixing these is in the delayed queue:
See: http://bugs.debian.org/698737
Regards,
Salvatore
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
