Bug#711517: marked as done (owncloud: CVE-2013-2149: XSS vulnerability in core/js/oc-dialogs.js)

Fri, 07 Jun 2013 09:51:47 -0700 

Your message dated Fri, 07 Jun 2013 16:48:20 +0000
with message-id <[email protected]>
and subject line Bug#711517: fixed in owncloud 5.0.7+dfsg-1
has caused the Debian Bug report #711517,
regarding owncloud: CVE-2013-2149: XSS vulnerability in core/js/oc-dialogs.js
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
711517: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711517
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: owncloud
Version: 4.0.15debian-1
Severity: grave
Tags: security patch upstream

Hi,

the following vulnerability was published for owncloud.

CVE-2013-2149[0]:
XSS vulnerability in core/js/oc-dialogs.js

See upstream advisory at [1].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2149
    http://security-tracker.debian.org/tracker/CVE-2013-2149
[1] http://owncloud.org/about/security/advisories/oC-SA-2013-028/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: owncloud
Source-Version: 5.0.7+dfsg-1

We believe that the bug you reported is fixed in the latest version of
owncloud, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated owncloud package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 07 Jun 2013 11:56:17 -0400
Source: owncloud
Binary: owncloud owncloud-mysql owncloud-sqlite
Architecture: source all
Version: 5.0.7+dfsg-1
Distribution: experimental
Urgency: low
Maintainer: ownCloud for Debian maintainers 
<[email protected]>
Changed-By: David Prévot <[email protected]>
Description: 
 owncloud   - cloud storage for files, music, contacts, calendars and many more
 owncloud-mysql - meta-package providing MySQL dependencies for ownCloud
 owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud
Closes: 711517 711518
Changes: 
 owncloud (5.0.7+dfsg-1) experimental; urgency=low
 .
   * Team upload
   * New upstream release
     + Fix multiple XSS vulnerabilities (oC-SA-2013-028):
       - CVE-2013-2149: in core/js/oc-dialogs.js (Closes: #711517)
       - CVE-2013-2150: in js/viewer.js (Closes: #711518)
Checksums-Sha1: 
 51a41e3c7537d7422fe7fbac86ed5f2b9acc4480 1773 owncloud_5.0.7+dfsg-1.dsc
 3b4fcc65f779b495e2cf07c33145922a48d8a5b5 12151224 
owncloud_5.0.7+dfsg.orig.tar.bz2
 69de2e148102e73f2026847d56f63bd5526c396c 62230 
owncloud_5.0.7+dfsg-1.debian.tar.gz
 0d906f308e2ea1edb74b150ee8f8a924b52807e2 3590502 owncloud_5.0.7+dfsg-1_all.deb
 8979449c1ab5135f730660318c19c9993e2c5f70 49150 
owncloud-mysql_5.0.7+dfsg-1_all.deb
 29890dcd4448e7859448e77a5e67fe200c0aba4d 74382 
owncloud-sqlite_5.0.7+dfsg-1_all.deb
Checksums-Sha256: 
 b5cfc6ba1afe13c205a8a0ff54dee8365944d75ae91a1ec1970d901f57cc3236 1773 
owncloud_5.0.7+dfsg-1.dsc
 61ae356761ed5da7d75b941937e296914f45cf6689d801c88880201ada0dc9f3 12151224 
owncloud_5.0.7+dfsg.orig.tar.bz2
 f085bcc1ca84c13e4ec7debdbb63b71bfbaf33aba4ab9b01bc161b6fa93420ed 62230 
owncloud_5.0.7+dfsg-1.debian.tar.gz
 7da4b01495cd26d082c64eb02afeb826cccc640571d9fdd7eee7d07e1f7cbb62 3590502 
owncloud_5.0.7+dfsg-1_all.deb
 7a9c5ad5d22cd42ae9db6fdfe5367712571e69f97ec99fdb944c441ef964ec8a 49150 
owncloud-mysql_5.0.7+dfsg-1_all.deb
 821adfef976774bbeb675e846b7dbfd9c24e9091d3755a21aa9f26a7cb206f8e 74382 
owncloud-sqlite_5.0.7+dfsg-1_all.deb
Files: 
 65a9a6586b9f197bfd66e5ce2172f0ab 1773 web extra owncloud_5.0.7+dfsg-1.dsc
 fe7510ad5d03a7d0d0674c15626ce45a 12151224 web extra 
owncloud_5.0.7+dfsg.orig.tar.bz2
 f08d15a7e65ee7498122ea2d81ee63e9 62230 web extra 
owncloud_5.0.7+dfsg-1.debian.tar.gz
 e05cc7ffe1dd3e5184a627ef1f1a62b9 3590502 web extra 
owncloud_5.0.7+dfsg-1_all.deb
 3c1f6038f246807c16d067068e3206fb 49150 web extra 
owncloud-mysql_5.0.7+dfsg-1_all.deb
 b2333ff6f32f3b2bec3d6418b2db1acd 74382 web extra 
owncloud-sqlite_5.0.7+dfsg-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJRsgkAAAoJEAWMHPlE9r08AscH/17LGTWl3IgjyadVbE3hVDuN
U2guuFgnTkzsN/jX6bsvCTB9gmqihTDDNhI830ztUbw1fUFp5EaUEOWE2Qetkw/Y
qu+uwhIIo2zpuUEj7WVyvMC8c4nSBzT2W/3fQLBaxRIXjjScwyJZC3KocmOCXR56
DQVxy12Y8AUtEc2iXRVuXXEQzJJTpsn0csPKMlVDxsyyvt6Nv1REcxgumlg/bXPb
UAASyIdqRdjqW2Cf+7UZUqB59+Ro35F04jMnVlE4Sv0dMnN5fv3xaWSATApdEma6
piL8ndAwM5x0w2dw4ww6a0f+1JfMFvQOKpt9Pgs3JcFV72bOP8SUlBFsZKXhFvw=
=GK5U
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to