Your message dated Fri, 12 Oct 2012 21:09:02 +0200 with message-id <20121012190902.ga25...@inutil.org> and subject line Re: [Pkg-owncloud-maintainers] Bug#688123: owncloud: CVE-2012-4753 has caused the Debian Bug report #688123, regarding owncloud: CVE-2012-4753 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 688123: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688123 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: owncloud Severity: grave Tags: security Justification: user security hole Hi, CVE-2012-4753 is still unfixed in Wheezy: http://www.openwall.com/lists/oss-security/2012/09/05/17 It's not clear, which CSRF fixes were fixed in 4.0.5, so please contact upstream to identify the specific fixes and introduce them in another tpu upload. Cheers, Moritz
--- End Message ---
--- Begin Message ---On Thu, Oct 11, 2012 at 03:33:15PM +0200, Thomas Müller wrote: > > A member of the Owncloud security team is in contact with MITRE > in order to close this CVE as it's invalid due to unclear changelog entries. > > I'll keep you informed. Thanks, I'll mark it as a non-issue in the Security Tracker. Cheers, Moritz
--- End Message ---
