> In order to celebrate ownCloud's 5th birthday (and the anniversary of
> my 3-year engagement with ownCloud), I have planned to write a blog
> post on how the development of ownCloud has benefited other software
> projects (not necessarily open source projects).

ownCloud’s security team has reported quite a few vulnerabilities in well-known
and widely used 3rd-party libraries. Most notably:

- ZendFramework: http://framework.zend.com/security/advisory/ZF2014-01
- SabreDAV: http://www.cvedetails.com/cve/CVE-2013-1939/ + http://www.cvedetails.com/cve/CVE-2014-2055/
- TCPDF: https://github.com/tcpdf-clone/tcpdf/commit/8ec040b3ccedc2a0150a7b6b46c18c59d932ad59
- GetID3: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc (also used by WordPress and so on…)
- PHPExcel: https://github.com/PHPOffice/PHPExcel/commit/c243bcb8ad2911cdbd0c272b284a516b444e606a
- PHPDocX: http://www.cvedetails.com/cve/CVE-2014-2056/

Also in quite a few other components, but those are not as widely used as the
ones pointed out above. Also, every one of the bugs pointed out above allowed an
attacker to either execute arbitrary PHP code or read arbitrary files from the
system :-)

- Lukas

_______________________________________________
Devel mailing list
Devel@owncloud.org
http://mailman.owncloud.org/mailman/listinfo/devel