oss-security - Re: CVE request: ownCloud

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <50D557DD.7020304@redhat.com>
Date: Fri, 21 Dec 2012 23:49:01 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Lukas Reschke <lukas@...tuscode.ch>
Subject: Re: CVE request: ownCloud

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/21/2012 02:29 PM, Lukas Reschke wrote:
> ownCloud 4.5.5 and 4.0.10 are bringing two security fixes: 
> http://owncloud.org/changelog/
> 
> - Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-001)

Please use CVE-2012-5665 for this issue.

> - XSS vulnerability in bookmarks (oC-SA-2012-007)

Please use CVE-2012-5666 for this issue.

> Thanks Lukas
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ1VfdAAoJEBYNRVNeJnmT/sEP/jXElZAErcew5AFir9bcYnhK
wM2ApyIDK4Lf/jp4QSGKYtGvOZqECQ2oPfUd6atYSZfVwvwNqv3qqNRHWiTfnGy/
Mv0m8b/BLq0s3Mjm8ChmOY82OweHLWzV7mzk1U0GWqRT60+TVG5A82E1OzcIsUhf
IH1ph5nEhdop5qolkfrgs44gRj2d11Wqjur21xvXBYr+EKpmG+jU0+Q7+T6/PhRn
y1f7yzvikVk1GByBzfomKv+vBCP/m/t63HC1xgW/zLUlFOrxT70bpCs0sFv81itF
xtJfhDdNnRImIF2DxYROy4jMW/VVdIv1TanEYTsPYWKgtOojYceBPV1027YSx1UP
zLuhJ+BRwsiv/OCFVYbJ7NTapg0hgMykNGb0thNowBmOMmAQwP1TIH/kPRtspWk1
crsgBRrM5CHVkNUgTXZgRki1RSqq38OWyMKsHNH2cYHJBO1/Ri+JGkpU7z2e0/aD
2M9pr1yeqiWcxjWl8FF1CsbXeHGGdn5r4BT+F/rqThocjUFoUnekgTD/ZtXzQmR2
ecQTttmUAB8raK5yJI2fTNW5P4vnaF+CPTlVP1qUkeJSeJ6iJCRjUMcj9NbCojVd
OZew+ts7YQKV6df9fu0BgKDiA9RbgdoUKMHDC4MEgdfpvd91Nplkjo0RFnhXjqdH
pGG3+b4aFBpLCaZXs7m4
=Z0ds
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.