Bug 552630 - <www-apps/owncloud-{5.0.19,6.0.7,7.0.5}: Multiple vulnerabilities (CVE-2015-{3011,3012,3013})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Reported: 2015-06-20 13:42 UTC by GLSAMaker/CVETool Bot
Modified: 2015-06-20 13:46 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 13:42:35 UTC
CVE-2015-3013 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3013):
  ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows
  remote authenticated users to bypass the file blacklist and upload arbitrary
  files via a file path with UTF-8 encoding, as demonstrated by uploading a
  .htaccess file.

CVE-2015-3012 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3012):
  Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5,
  as used in ownCloud, allow remote attackers to inject arbitrary web script
  or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.

CVE-2015-3011 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3011):
  Multiple cross-site scripting (XSS) vulnerabilities in the contacts
  application in ownCloud Server Community Edition before 5.0.19, 6.x before
  6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject
  arbitrary web script or HTML via a crafted contact.
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2015-06-20 13:43:22 UTC
Opened for tracking CVEs.

Closing noglsa for ~arch only.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2015-06-20 13:46:02 UTC
Mar 2015; Bernard Cafarelli <voyageur@gentoo.org> -owncloud-5.0.18.ebuild,
  +owncloud-5.0.19.ebuild, -owncloud-6.0.6.ebuild, +owncloud-6.0.7.ebuild,
  -owncloud-7.0.4.ebuild, +owncloud-7.0.5.ebuild, +owncloud-8.0.2.ebuild:
  Version bumps, remove previous versions for old branches as some changelogs
  report security fixes


And maintainers: in the future, please report a security bug when you are aware that there are security fixes.