From ${URL} :

ownCloud versions 5.0.15 and 6.0.2 will fix "several security" issues:
http://owncloud.org/releases/Changelog

As noted in Mageia #12889, release candidates for these versions are available:
http://mailman.owncloud.org/pipermail/devel/2014-February/000036.html

@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
5.0.15 and 6.0.2 have been released upstream, bumped in tree (and vulnerable versions removed)
Thank you very much. Closing noglsa.
CVE-2014-2585 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2585): ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.

CVE-2014-2057 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2057): Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-2049 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2049): The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allow remote attackers to access user files via unspecified vectors.

CVE-2014-2047 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2047): Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors.
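
An added triage example, not part of this bug thread or of ownCloud's code: it applies the version ranges and preconditions exactly as worded in the CVE summaries above to one installation. The function names and the sample php.ini are constructed for illustration; the example assumes `session.use_only_cookies` is the PHP directive that decides whether session IDs passed in a URL are accepted.

```python
import re

# Ranges as worded in the summaries above.
# "both": before 5.0.15, and 6.x before 6.0.2.  "six": before 6.0.2.
CVES = {
    "CVE-2014-2585": "both",  # only when the external-storage app is enabled
    "CVE-2014-2049": "both",
    "CVE-2014-2057": "six",
    "CVE-2014-2047": "six",   # only when PHP accepts session IDs via GET
}
TRUE_VALUES = {"1", "on", "true", "yes"}

def in_range(version, kind):
    """Compare a dotted numeric version against the advisory wording."""
    v = tuple(int(p) for p in version.split("."))
    if kind == "six":  # literal reading: anything below 6.0.2, 5.x included
        return v < (6, 0, 2)
    return v < (5, 0, 15) or (6,) <= v < (6, 0, 2)

def accepts_session_id_in_url(ini_text):
    """True if php.ini turns session.use_only_cookies off (PHP default: on)."""
    only_cookies = True
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"session\.use_only_cookies\s*=\s*(.*)$", line)
        if m:  # a later assignment overrides an earlier one
            only_cookies = m.group(1).strip().strip('"').lower() in TRUE_VALUES
    return not only_cookies

def applicable_cves(version, ini_text, external_storage_enabled):
    """CVEs from this bug whose range and precondition both match."""
    hits = []
    for cve, kind in CVES.items():
        if not in_range(version, kind):
            continue
        if cve == "CVE-2014-2585" and not external_storage_enabled:
            continue
        if cve == "CVE-2014-2047" and not accepts_session_id_in_url(ini_text):
            continue
        hits.append(cve)
    return sorted(hits)

# Constructed sample configuration, not taken from any real host.
SAMPLE_INI = "[Session]\nsession.use_only_cookies = 0 ; legacy setting\n"

if __name__ == "__main__":
    for ver in ("5.0.14", "6.0.1", "6.0.2"):
        print(ver, applicable_cves(ver, SAMPLE_INI, True))
```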