ownCloud 4.0.7 is out and includes important security fixes. Please bump the ebuild. (Also, I'm running 4.0.5 on ARM and it works, so IMHO it could at least be keyworded with ~arm.)
Changelog:
---
Version 4.0.7 Aug 15th 2012
Show Login Button when user and password are auto-completed
Sanitize LDAP base, user and groups
Fix non active Addressbooks
Calendar: Remove double html encoding
Fix label for versioning in admin settings
Add parent directory into filecache if it doesn't exist
Handle non writable files correctly
Disable webfinger completely if not activated
Security: Disable user listings in DAV
Check file blacklist for file renames
Security: Fix XSS bug in Gallery
Security: Several CSRF security fixes
Security: Validate cookie to prevent auth bypasses
Special thanks to Julien Cayssol for reporting several security problems
Download: http://download.owncloud.org/releases/owncloud-4.0.7.tar.bz2
MD5: http://download.owncloud.org/releases/owncloud-4.0.7.tar.bz2.md5
---
Cheers!
Thanks for the report! 4.0.7 is in tree now (I have limited availability in August, so bumps may be delayed for a few days). For arm keywording, can you open a separate bug?
CVE-2012-4391 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4391): Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations.

CVE-2012-4390 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4390): (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.

CVE-2012-4389 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4389): Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.
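The third CVE above is the classic failure mode of a filename blacklist: the list of forbidden names is never complete, so a server-interpreted file such as `.htaccess` inside an import archive slips through. The following is an added illustration (not ownCloud's lib/migrate.php and not the project's fix) of how an import archive can be vetted before extraction using an allowlist of expected extensions, a rejection of every dotfile and path-traversal component, and a check of every dotted suffix so that double extensions do not pass. The extension allowlist and the sample archive contents are constructed for this example.

```python
import io
import zipfile

# Assumption for this example: an import is only expected to contain these data formats.
ALLOWED_EXTENSIONS = {"json", "xml", "txt", "csv", "vcf", "ics"}

# Names a web server treats as configuration; rejected regardless of extension.
SERVER_CONFIG_NAMES = {".htaccess", ".htpasswd", "web.config"}


def classify_entry(name):
    """Return None if the archive entry name is acceptable, otherwise a short reason."""
    # Normalise separators so a backslash path cannot bypass the per-component checks.
    norm = name.replace("\\", "/")
    if norm.startswith("/"):
        return "absolute path"
    parts = [p for p in norm.split("/") if p]
    if not parts:
        return "empty name"
    if any(p == ".." for p in parts):
        return "path traversal"
    # Rejecting every dotfile covers .htaccess, .htpasswd, .git and anything not yet listed.
    if any(p.startswith(".") for p in parts):
        return "hidden file or directory"
    if any(p.lower() in SERVER_CONFIG_NAMES for p in parts):
        return "server configuration file"
    if norm.endswith("/"):
        return None  # directory entry; its components were checked above
    basename = parts[-1]
    if "." not in basename:
        return "no extension"
    # Check every dotted suffix, not just the last one: "notes.php.txt" must not pass
    # merely because it ends in .txt.
    suffixes = basename.lower().split(".")[1:]
    if any(s not in ALLOWED_EXTENSIONS for s in suffixes):
        return "extension not in allowlist"
    return None


def vet_import_archive(data):
    """Inspect every entry of a zip import before anything is extracted.

    Returns (accepted, rejected): a list of acceptable entry names and a dict mapping
    each rejected entry name to the reason it was refused.
    """
    accepted, rejected = [], {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = classify_entry(info.filename)
            if reason is None:
                accepted.append(info.filename)
            else:
                rejected[info.filename] = reason
    return accepted, rejected


def build_sample_archive():
    """Constructed sample import.zip for the demonstration (not a real ownCloud export)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("export/contacts.vcf", "BEGIN:VCARD\nEND:VCARD\n")
        zf.writestr("export/settings.json", "{}")
        zf.writestr("export/.htaccess", "# server directives\n")   # dotfile
        zf.writestr("export/notes.php.txt", "x")                   # double extension
        zf.writestr("../outside.txt", "x")                         # traversal
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = vet_import_archive(build_sample_archive())
    print("accepted:", ok)
    for entry, why in bad.items():
        print("rejected:", entry, "->", why)
```

The point of the design is that the decision is positive (what is allowed) rather than negative (what is known to be dangerous), so a name the author never thought of is refused by default; the only maintenance burden is the allowlist of formats the importer genuinely understands.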
Maintainers, please ensure that security bugs are turned over to the security team.