Bug#699441: [Secure-testing-team] Bug#699441: owncloud: Multiple security issues in owncloud
Control: merge 698737 699441 Hi John On Thu, Jan 31, 2013 at 07:25:38AM -0600, John Goerzen wrote: Package: owncloud Version: 4.0.4debian2-3.2 Severity: grave Tags: security Justification: user security hole The version of owncloud in both testing and unstable contains security holes. http://owncloud.org/changelog/ has details. Upstream versions 4.0.11 and 4.5.6 fixed: * Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203 * Security: Removed remoteStorage app because of unfixed security problems. Yes, owncloud fixing these is in the delayed queue: See: http://bugs.debian.org/698737 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699441: [Secure-testing-team] Bug#699441: owncloud: Multiple security issues in owncloud
Ah, sorry for the noise. 698737 did not show up on bugs.debian.org/owncloud and I didn't think to check the src:. -- John On 01/31/2013 08:37 AM, Salvatore Bonaccorso wrote: Control: merge 698737 699441 Hi John On Thu, Jan 31, 2013 at 07:25:38AM -0600, John Goerzen wrote: Package: owncloud Version: 4.0.4debian2-3.2 Severity: grave Tags: security Justification: user security hole The version of owncloud in both testing and unstable contains security holes. http://owncloud.org/changelog/ has details. Upstream versions 4.0.11 and 4.5.6 fixed: * Security: Fix multiple XSS problems: CVE-2013-0201, CVE-2013-0202, CVE-2013-0203 * Security: Removed remoteStorage app because of unfixed security problems. Yes, owncloud fixing these is in the delayed queue: See: http://bugs.debian.org/698737 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#699441: [Secure-testing-team] Bug#699441: owncloud: Multiple security issues in owncloud
Hey John On Thu, Jan 31, 2013 at 08:39:42AM -0600, John Goerzen wrote: Ah, sorry for the noise. 698737 did not show up on bugs.debian.org/owncloud and I didn't think to check the src:. No problem. I'm unsure if I should have reported this against owncloude instead src:owncloud. But security-tracker tracks packages via source package name. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org