Raring, security update (5.0.4 to 5.0.7)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
owncloud (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
I propose an update for Raring since several security issues has been found and fixed.
Version 5.0.7 June 6th 2013
SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-028)
Version 5.0.6 May 14th 2013
SECURITY: SQL Injection (oC-SA-2013-019)
SECURITY: Multiple directory traversals (oC-SA-2013-020)
SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
SECURITY: Open redirector (oC-SA-2013-022)
SECURITY: Password autocompletion (oC-SA-2013-023)
SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024)
SECURITY: Privilege escalation and CSRF in the API (oC-SA-2013-025)
SECURITY: Incomplete blacklist vulnerability (oC-SA-2013-026)
SECURITY: Information disclosure: CSRF token + username (oC-SA-2013-027)
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res