Summary: | Critical fixes on www/owncloud (SQL inject, XSS & CSRF) | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | loic.blot | ||||||
Component: | Individual Port(s) | Assignee: | Frederic Culot <culot> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Only Me | ||||||||
Priority: | Normal | ||||||||
Version: | Latest | ||||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
Attachments: |
|
Description
loic.blot
2013-05-14 15:32:20 UTC
SECURITY: SQL Injection (oC-SA-2013-019) SECURITY: Multiple directory traversals (oC-SA-2013-020) SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021) SECURITY: Open redirector (oC-SA-2013-022) SECURITY: Password autocompletion (oC-SA-2013-023) SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024) SECURITY: Privilege escalation and CSRF in the API (oC-SA-2013-025) SECURITY: Incomplete blacklist vulnerability (oC-SA-2013-026) SECURITY: Information disclosure: CSRF token + username (oC-SA-2013-027) Fix renaming of shared files Fix UUID handling with LDAP Fix several undelete files issues Fix LDAP cachekey handling Several OCS API fixes Dropbox mounting fixes Remove ldap group name restrictions Fix fetching of the userlist with multiple user backends Turn off password autocompletion Translation fixes of the Shared folder Fix the fileactions order for filetypes Allow to ship a default theme Disallow URLs containing â@â Smaller layout improvemens Log an upgrade warning Log a trash bin cleanup message Improved quota calculation Allow to set Quota to zero Fix performance regression for uploading of big files Several Calendar fixes Use displaynames in contacts Check for existing address books during migrate->import Texteditor fixes Increase the SQLite database timeout Order images in Gallery Fix: Use this patch Responsible Changed From-To: freebsd-ports-bugs->kevlo Over to maintainer (via the GNATS Auto Assign Tool) Responsible Changed From-To: kevlo->culot I'll take it. Author: culot Date: Tue Jun 11 20:27:48 2013 New Revision: 320636 URL: http://svnweb.freebsd.org/changeset/ports/320636 Log: - Update to 5.0.7 Changes: http://owncloud.org/changelog/ Security: oC-SA-2013-[019-028] Security: CVE-2013-[2039-2045,2047-2048,2085-2086,2089,2149-2150] PR: ports/178628 PR: ports/179494 Submitted by: Loic Blot <loic.blot@unix-experience.fr> Approved by: kevlo@ (maintainer, timeout) Modified: head/www/owncloud/Makefile head/www/owncloud/distinfo Modified: head/www/owncloud/Makefile ============================================================================== --- head/www/owncloud/Makefile Tue Jun 11 19:45:36 2013 (r320635) +++ head/www/owncloud/Makefile Tue Jun 11 20:27:48 2013 (r320636) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= owncloud -PORTVERSION= 5.0.5 +PORTVERSION= 5.0.7 CATEGORIES= www MASTER_SITES= http://download.owncloud.org/community/ Modified: head/www/owncloud/distinfo ============================================================================== --- head/www/owncloud/distinfo Tue Jun 11 19:45:36 2013 (r320635) +++ head/www/owncloud/distinfo Tue Jun 11 20:27:48 2013 (r320636) @@ -1,2 +1,2 @@ -SHA256 (owncloud-5.0.5.tar.bz2) = d1538f598f7b06a2d0494a9675a461e4bcd976e7e4ddf372efc1a2ec50007a31 -SIZE (owncloud-5.0.5.tar.bz2) = 13865933 +SHA256 (owncloud-5.0.7.tar.bz2) = 8329a2b8ee7da48111455aca299eacef68bde22c6e6494c3e9c41d4619e5083d +SIZE (owncloud-5.0.7.tar.bz2) = 14016269 _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org" State Changed From-To: open->closed Committed. Thanks! |