Will there be a patch release 2.0.2? I - being the maintainer of the Debian package - have a high interest in fixing security issues asap. (Even owncloud has not yet fully entered Debian ....)

THX,
Thomas

--
Thomas Müller
E-Mail: [email protected]

On Wednesday, 14.12.2011 at 13:32, Robin Appelman wrote:
> I changed the token to also be based on the password of the user in
> git master and stable, this should be enough to prevent against this
> kind of attacks
> since trying to brute-force the token while you know the password
> seems kind of redundant :)
>
> Despite the maybe unfortunate way of making the issue public, many
> thanks for taking a look into ownCloud security.
>
> - Robin Appelman
>
> On Wed, Dec 14, 2011 at 10:43, Marc Muehlfeld
> <[email protected]> wrote:
> > Hi,
> >
> > maybe it's better to send the details of vulnerabilities only to the team
> > members and not to the list. If too detailed information is public it
> > increases the risk of attacks until a fix is available.
> >
> > Maybe the team can provide a separate email address for security on the
> > homepage until a bugtracker exists which allows to mark bugs as
> > not-public-visible.
> >
> > Regards,
> > Marc
> >
> > _______________________________________________
> > Owncloud mailing list
> > [email protected]
> > https://mail.kde.org/mailman/listinfo/owncloud
