Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 831372 (CVE-2021-44537) - <net-misc/owncloud-client-2.9.2.6206: resource injection by server leading to RCE
Summary: <net-misc/owncloud-client-2.9.2.6206: resource injection by server leading to...
Status: RESOLVED FIXED
Alias: CVE-2021-44537
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://owncloud.com/security-advisor...
Whiteboard: ~2 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-17 20:51 UTC by John Helmert III
Modified: 2022-01-19 02:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-17 20:51:38 UTC 
CVE-2021-44537:

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
Comment 1 Larry the Git Cow gentoo-dev 2022-01-18 22:34:36 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b973582f9c0b210df9f8baed587897a99c072276

commit b973582f9c0b210df9f8baed587897a99c072276
Author:     Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2022-01-18 20:39:05 +0000
Commit:     Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2022-01-18 22:34:34 +0000

    net-misc/owncloud-client: drop old security vulnerable versions
    
    Bug: https://bugs.gentoo.org/831372
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

 net-misc/owncloud-client/Manifest                  |  2 -
 .../owncloud-client-2.9.0.5150.ebuild              | 69 ----------------------
 .../owncloud-client-2.9.1.5500.ebuild              | 69 ----------------------
 3 files changed, 140 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-19 02:24:27 UTC 
Thanks! All done