Will do once you send me the pdf

On 02/05/15 12:15, Salvatore Bonaccorso wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3244-1                   [email protected]
> http://www.debian.org/security/                      Salvatore Bonaccorso
> May 02, 2015                           http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : owncloud
> CVE ID         : CVE-2015-3011 CVE-2015-3012 CVE-2015-3013
>
> Multiple vulnerabilities were discovered in ownCloud, a cloud storage
> web service for files, music, contacts, calendars and many more.
>
> CVE-2015-3011
>
>     Hugh Davenport discovered that the "contacts" application shipped
>     with ownCloud is vulnerable to multiple stored cross-site
>     scripting attacks. This vulnerability is effectively exploitable
>     in any browser.
>
> CVE-2015-3012
>
>     Roy Jansen discovered that the "documents" application shipped with
>     ownCloud is vulnerable to multiple stored cross-site scripting
>     attacks. This vulnerability is not exploitable in browsers that
>     support the current CSP standard.
>
> CVE-2015-3013
>
>     Lukas Reschke discovered a blacklist bypass vulnerability, allowing
>     authenticated remote attackers to bypass the file blacklist and
>     upload files such as the .htaccess files. An attacker could leverage
>     this bypass by uploading a .htaccess and execute arbitrary PHP code
>     if the /data/ directory is stored inside the web root and a web
>     server that interprets .htaccess files is used. On default Debian
>     installations the data directory is outside of the web root and thus
>     this vulnerability is not exploitable by default.
>
> For the stable distribution (jessie), these problems have been fixed in
> version 7.0.4+dfsg-4~deb8u1.
>
> For the testing distribution (stretch), these problems have been fixed
> in version 7.0.4+dfsg-3.
>
> For the unstable distribution (sid), these problems have been fixed in
> version 7.0.4+dfsg-3.
>
> We recommend that you upgrade your owncloud packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: [email protected]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> -----END PGP SIGNATURE-----
>

