Source: owncloud Severity: grave Tags: security The new upstream release 4.0.9 / 4.5.2 fixes multiple security issues. >From the changelog[1]:
[1] <http://owncloud.org/changelog/> ---- Version 4.0.9 Nov 14th 2012 Several critical security fixes Multiple XSS vulnerabilities (oC-SA-2012-001) Timing attack in the “Lost Password” implementation (oC-SA-2012-002) Code Execution in /lib/migrate.php (oC-SA-2012-004) Code Execution in /lib/filesystem.php (oC-SA-2012-005) ---- More details seem to be available here: http://owncloud.org/security/advisories/oC-SA-2012-001 http://owncloud.org/security/advisories/oC-SA-2012-002 http://owncloud.org/security/advisories/oC-SA-2012-004 http://owncloud.org/security/advisories/oC-SA-2012-005 Please also update the version in wheezy if necessary. Ansgar -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org