Bug 955307 - (CVE-2013-1963, CVE-2013-1967) CVE-2013-1963 CVE-2013-1967 owncloud: security fixes in 4.5.10
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20130418,repor...
: Security
Depends On: 955308 955309
Reported: 2013-04-22 14:33 EDT by Vincent Danen
Modified: 2013-04-22 18:59 EDT
Doc Type: Bug Fix


Description Vincent Danen 2013-04-22 14:33:16 EDT
Two flaws were reported as fixed in ownCloud 4.5.10:

* XSS vulnerability in MediaElement.js (oC-SA-2013-017) [1]
* Privilege escalation in the contacts application (oC-SA-2013-018)

The XSS issue ([1]) has been assigned CVE-2013-1967 [3].  The second issue has not yet been assigned a CVE.

[1] http://owncloud.org/about/security/advisories/oC-SA-2013-017/
[2] http://owncloud.org/about/security/advisories/oC-SA-2013-018/
[3] http://seclists.org/oss-sec/2013/q2/111
Comment 1 Vincent Danen 2013-04-22 14:34:17 EDT
Created owncloud tracking bugs for this issue

Affects: fedora-18 [bug 955308]
Affects: epel-6 [bug 955309]
Comment 2 Vincent Danen 2013-04-22 18:59:01 EDT
In fact, issue [2] was assigned CVE-2013-1963 here:

http://seclists.org/oss-sec/2013/q2/133
