Awesome! This is a fantastic start. Thank you, Lukas!

On Thu, Jan 8, 2015 at 5:06 PM, Lukas Reschke <lu...@statuscode.ch> wrote:
>> In order to celebrate ownCloud's 5th birthday (and the anniversary of
>> my 3-year engagement with ownCloud), I have planned to write a blog
>> post on how the development of ownCloud has benefited other software
>> projects (not necessarily open source projects).
>
> ownCloud’s security team has reported quite a few vulnerabilities in
> well-known and widely used 3rd-party libraries. Most notably:
>
> - ZendFramework: http://framework.zend.com/security/advisory/ZF2014-01
> - SabreDAV: http://www.cvedetails.com/cve/CVE-2013-1939/ + http://www.cvedetails.com/cve/CVE-2014-2055/
> - TCPDF: https://github.com/tcpdf-clone/tcpdf/commit/8ec040b3ccedc2a0150a7b6b46c18c59d932ad59
> - GetID3: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
>  (also used by WordPress and so on…)
> - PHPExcel: https://github.com/PHPOffice/PHPExcel/commit/c243bcb8ad2911cdbd0c272b284a516b444e606a
> - PHPDocX: http://www.cvedetails.com/cve/CVE-2014-2056/
>
> Also in quite a few other components, but those are not as widely used as the
> ones pointed out above. Also, every one of the bugs pointed out above allowed
> an attacker to either execute arbitrary PHP code or read arbitrary files from
> the system :-)
>
> - Lukas
> _______________________________________________
> Devel mailing list
> Devel@owncloud.org
> http://mailman.owncloud.org/mailman/listinfo/devel
>