Summary: | <www-apps/owncloud-{5.0.17,6.0.4}: several security issues fixed in versions 5.0.17 and 6.0.4 (CVE-2014-4929) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bernard Cafarelli <voyageur> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://owncloud.org/releases/Changelog | ||
Whiteboard: | ~2 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Bernard Cafarelli
2014-06-29 13:23:56 UTC
Thank you Bernard. It will be interesting to see what the undisclosed security fix is, so will set the appropriate vulnerability level once we know. Until then; as far as I can see this package has never been stabilized so would not require a glsa, meaning you've really solved it already :) Maintainers, thank you for your work. We are going to leave it in [cleanup] whiteboard so that we can add vulnerability and CVE when they are released. CVE-2014-4929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4929): Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php. |