Your message dated Tue, 11 Dec 2012 23:18:21 +0000 with message-id <e1tiz5h-0005vq...@franck.debian.org> and subject line Bug#693990: fixed in owncloud 4.0.4debian2-3.1 has caused the Debian Bug report #693990, regarding owncloud: multiple security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 693990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693990 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: owncloud Severity: grave Tags: security The new upstream release 4.0.9 / 4.5.2 fixes multiple security issues. >From the changelog[1]: [1] <http://owncloud.org/changelog/> ---- Version 4.0.9 Nov 14th 2012 Several critical security fixes Multiple XSS vulnerabilities (oC-SA-2012-001) Timing attack in the “Lost Password” implementation (oC-SA-2012-002) Code Execution in /lib/migrate.php (oC-SA-2012-004) Code Execution in /lib/filesystem.php (oC-SA-2012-005) ---- More details seem to be available here: http://owncloud.org/security/advisories/oC-SA-2012-001 http://owncloud.org/security/advisories/oC-SA-2012-002 http://owncloud.org/security/advisories/oC-SA-2012-004 http://owncloud.org/security/advisories/oC-SA-2012-005 Please also update the version in wheezy if necessary. Ansgar
--- End Message ---
--- Begin Message ---Source: owncloud Source-Version: 4.0.4debian2-3.1 We believe that the bug you reported is fixed in the latest version of owncloud, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 693...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Banck <mba...@debian.org> (supplier of updated owncloud package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 05 Dec 2012 21:25:00 +0100 Source: owncloud Binary: owncloud owncloud-mysql owncloud-sqlite Architecture: source all Version: 4.0.4debian2-3.1 Distribution: testing Urgency: high Maintainer: Michael Banck <mba...@debian.org> Changed-By: Michael Banck <mba...@debian.org> Description: owncloud - cloud storage for files, music, contacts, calendars and many more owncloud-mysql - meta-package providing MySQL dependencies for ownCloud owncloud-sqlite - meta-package providing SQLite dependencies for ownCloud Closes: 693990 Changes: owncloud (4.0.4debian2-3.1) testing-proposed-updates; urgency=high . * Non-maintainer upload, fixes several security issues (Closes: #693990). * debian/patches/06_oc-sa-2012-001.patch: Fix multiple XSS vulnerabilities. * debian/patches/07_oc-sa-2012-002.patch: Fix timing attack. * debian/patches/08_oc-sa-2012-004.patch: Fix code execution in migrate.php. * debian/patches/09_oc-sa-2012-005.patch: Fix code execution in filesystem.php. * debian/patches/07_oc-sa-2012-002.patch: Backport generate_random_bytes() function from 4.0.8 release. * debian/patches/06_oc-sa-2012-001.patch: Include escapeHTML() function. Checksums-Sha1: 00d3fb229009841b857ced9819d6a280862df709 1516 owncloud_4.0.4debian2-3.1.dsc 6412816231d3ce5435fefadf7f9ec40598d8d40d 47596 owncloud_4.0.4debian2-3.1.debian.tar.gz cc5dbf3ba6c186e32097766a5a80c373f1461ec8 2206640 owncloud_4.0.4debian2-3.1_all.deb b852269abb523161fe289f2b80873bbc030a455d 31488 owncloud-mysql_4.0.4debian2-3.1_all.deb e177078664a2c9332505761e16942e3a15008c11 57296 owncloud-sqlite_4.0.4debian2-3.1_all.deb Checksums-Sha256: c121574186853a466fe0e0d720bea7dd4b993f7c5c85637fccc7680aae1f6941 1516 owncloud_4.0.4debian2-3.1.dsc cc0209d6ebfd2309077b785b1803145e9dfcec09d63d9fad4ce87ee949711fe1 47596 owncloud_4.0.4debian2-3.1.debian.tar.gz 990a715a31ea7754a5e7597464dc7d2273a4a9e23fe61282324804bd3fbde367 2206640 owncloud_4.0.4debian2-3.1_all.deb c9debd8e6bc6bf137e1e2f69a04b2af1bd92764df87217dc4c07228a3ff6ed5e 31488 owncloud-mysql_4.0.4debian2-3.1_all.deb 972e0c29b70841e94b67b94a5db7d1091fbb3e07d679a8d0e7886a839978c6a8 57296 owncloud-sqlite_4.0.4debian2-3.1_all.deb Files: 0f2d8d50ed3dfa3761d8c8ce16de7347 1516 web extra owncloud_4.0.4debian2-3.1.dsc e27c85d2f90383b87e905350209ac60c 47596 web extra owncloud_4.0.4debian2-3.1.debian.tar.gz db2416245a6f03330c86c026f560b8c1 2206640 web extra owncloud_4.0.4debian2-3.1_all.deb 0cb8810260ff4ab8a03bbe95fabe7033 31488 web extra owncloud-mysql_4.0.4debian2-3.1_all.deb c98f5482fa817c05b7359cb61b472b8f 57296 web extra owncloud-sqlite_4.0.4debian2-3.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlDHu5UACgkQmHaJYZ7RAb8l/QCeO9WjGj2IebvsCc+/A1pAK5xf tu4AoLUtcDkdYh14N3GHsVnDXUO9PjpX =3dkp -----END PGP SIGNATURE-----
--- End Message ---
