Bug 955307 - (CVE-2013-1963, CVE-2013-1967) CVE-2013-1963 CVE-2013-1967 owncloud: security fixes in 4.5.10
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 955308 955309
Reported: 2013-04-22 14:33 EDT by Vincent Danen
Modified: 2013-04-22 18:59 EDT
Doc Type: Bug Fix
Description Vincent Danen 2013-04-22 14:33:16 EDT
Two flaws were reported as fixed in ownCloud 4.5.10:

* XSS vulnerability in MediaElement.js (oC-SA-2013-017) [1]
* Privilege escalation in the contacts application (oC-SA-2013-018) [2]

The XSS issue ([1]) has been assigned CVE-2013-1967 [3].  The second issue has not yet been assigned a CVE.

[1] http://owncloud.org/about/security/advisories/oC-SA-2013-017/
[2] http://owncloud.org/about/security/advisories/oC-SA-2013-018/
[3] http://seclists.org/oss-sec/2013/q2/111
Comment 1 Vincent Danen 2013-04-22 14:34:17 EDT
Created owncloud tracking bugs for this issue

Affects: fedora-18 [bug 955308]
Affects: epel-6 [bug 955309]
Comment 2 Vincent Danen 2013-04-22 18:59:01 EDT
In fact, issue [2] was assigned CVE-2013-1963 here:

