Bug 1035591 (CVE-2013-6403)

Summary: CVE-2013-6403 owncloud: possible security bypass on admin page (5.0.13)
Product: [Other] Security Response Reporter: Murray McAllister <mmcallis>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: awilliam, gregor
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: owncloud 5.0.13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-05 14:42:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1035593, 1035594    
Bug Blocks:    

Description Murray McAllister 2013-11-28 07:25:04 UTC 
ownCloud 5.0.13 fixes a possible security issue:

""
http://owncloud.org/changelog/
SECURITY: Fix a possible security bypass on admin page under certain circumstances and MariaDB
""

I do not know if this flaw affects the older versions in Fedora and EPEL.
Comment 1 Murray McAllister 2013-11-28 07:27:55 UTC 
Created owncloud tracking bugs for this issue:

Affects: fedora-all [bug 1035593]
Affects: epel-6 [bug 1035594]
Comment 2 Murray McAllister 2013-11-28 07:30:40 UTC 
CVE request: http://www.openwall.com/lists/oss-security/2013/11/28/5
Comment 3 Adam Williamson 2013-12-21 00:51:27 UTC 
F18 has 4.x but is EOL in a month, F19 and F20 are on 5.0.13 already (I'm about to send out 5.0.14a).
Comment 4 Adam Williamson 2013-12-21 22:39:15 UTC 
Sorry, I miscounted - F19 is still on 4.5.