Date: Tue, 14 May 2013 16:32:20 +0200 (CEST)
From: Loic Blot <loic.blot@unix-experience.fr>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/178628: Critical fixes on owncloud (SQL inject, XSS & CSRF)
Message-ID: <20130514143220.C4F3A5C8D7@www.unix-experience.fr>
Resent-Message-ID: <201305141440.r4EEe1LF062087@freefall.freebsd.org>
>Number: 178628
>Category: ports
>Synopsis: Critical fixes on owncloud (SQL inject, XSS & CSRF)
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue May 14 14:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Loic Blot
>Release: FreeBSD 9.1-RELEASE amd64
>Organization: Centre National de la Recherche Scientifique
>Environment:
System: FreeBSD www.unix-experience.fr 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec 4 09:23:10 UTC 2012 root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
SECURITY: SQL Injection (oC-SA-2013-019)
SECURITY: Multiple directory traversals (oC-SA-2013-020)
SECURITY: Multiple XSS vulnerabilities (oC-SA-2013-021)
SECURITY: Open redirector (oC-SA-2013-022)
SECURITY: Password autocompletion (oC-SA-2013-023)
SECURITY: Privilege escalation in the calendar application (oC-SA-2013-024)
SECURITY: Privilege escalation and CSRF in the API (oC-SA-2013-025)
SECURITY: Incomplete blacklist vulnerability (oC-SA-2013-026)
SECURITY: Information disclosure: CSRF token + username (oC-SA-2013-027)
Fix renaming of shared files
Fix UUID handling with LDAP
Fix several undelete files issues
Fix LDAP cachekey handling
Several OCS API fixes
Dropbox mounting fixes
Remove ldap group name restrictions
Fix fetching of the userlist with multiple user backends
Turn off password autocompletion
Translation fixes of the Shared folder
Fix the fileactions order for filetypes
Allow to ship a default theme
Disallow URLs containing “@”
Smaller layout improvements
Log an upgrade warning
Log a trash bin cleanup message
Improved quota calculation
Allow to set Quota to zero
Fix performance regression for uploading of big files
Several Calendar fixes
Use displaynames in contacts
Check for existing address books during migrate->import
Texteditor fixes
Increase the SQLite database timeout
Order images in
Gallery >How-To-Repeat: >Fix: Use this patch --- own.diff begins here --- --- Makefile.old 2013-05-14 16:13:27.000000000 +0200 +++ Makefile 2013-05-14 16:15:00.000000000 +0200 @@ -1,7 +1,7 @@ -# $FreeBSD: www/owncloud/Makefile 316156 2013-04-20 15:53:03Z kevlo $ +# $FreeBSD: www/owncloud/Makefile 316156 2013-05-14 16:20:08Z nerz $ PORTNAME= owncloud -PORTVERSION= 5.0.5 +PORTVERSION= 5.0.6 CATEGORIES= www MASTER_SITES= http://download.owncloud.org/community/ --- distinfo.old 2013-05-14 16:15:12.000000000 +0200 +++ distinfo 2013-05-14 16:19:22.000000000 +0200 @@ -1,2 +1,2 @@ -SHA256 (owncloud-5.0.5.tar.bz2) = d1538f598f7b06a2d0494a9675a461e4bcd976e7e4ddf372efc1a2ec50007a31 -SIZE (owncloud-5.0.5.tar.bz2) = 13865933 +SHA256 (owncloud-5.0.6.tar.bz2) = 1017a62e64ca820c6bd42a4e1c58a644f487cd7c4d81fda2b7bc82f811a288a3 +SIZE (owncloud-5.0.6.tar.bz2) = 13864664 --- own.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
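Review bot: The `$FreeBSD$` ident line at the top of the Makefile hunk should not be edited by hand. The new line keeps revision 316156 but changes the date and author to "2013-05-14 16:20:08Z nerz", so it no longer matches any real revision. The repository expands this keyword on commit; drop that -/+ pair from the hunk and leave only the PORTVERSION change from 5.0.5 to 5.0.6.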
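Review bot: The new SHA256 and SIZE values in the distinfo hunk are the only integrity check on owncloud-5.0.6.tar.bz2, and the MASTER_SITES line visible in the Makefile context fetches it over plain http://download.owncloud.org/community/. The PR does not say how the values were produced. Please state that they come from `make makesum` on a freshly fetched distfile and that the SHA256 was compared against a checksum published by upstream; the committer should regenerate and compare them independently before committing a security update.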