| Summary: | <www-apps/owncloud-10.7.0: authenticated account enumeration (CVE-2021-29659) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | voyageur, web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://owncloud.com/security-advisories/cve-2021-29659 | | |
| Whiteboard: | ~4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
John Helmert III

As far as I can see, "now" is current master only: 10.7 was released on 2021-03-26 so quite a while before the CVE, and I think the relevant fix is https://github.com/owncloud/core/pull/38689 - closest I could find in the changelog https://owncloud.com/changelog/server/

That patch applies cleanly to 10.7 so I can add it while bumping version

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ad56745900b2993f9f0c0ebdc55fa64933f4599

commit 2ad56745900b2993f9f0c0ebdc55fa64933f4599
Author: Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2021-06-04 07:40:47 +0000
Commit: Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2021-06-04 09:28:38 +0000

    www-apps/owncloud: 10.7.0 bump, with security fix backport

    Add https://github.com/owncloud/core/pull/38689 that fixes
    sensitive exception data exposure

    Bug: https://bugs.gentoo.org/794091
    Package-Manager: Portage-3.0.19, Repoman-3.0.3
    Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

 www-apps/owncloud/Manifest | 1 +
 .../owncloud-10.7.0-share_data_exposure.patch | 78 ++++++++++++++++++++++
 www-apps/owncloud/owncloud-10.7.0.ebuild | 49 ++++++++++++++
 3 files changed, 128 insertions(+)

Thanks, all done!