oss-sec mailing list archives

Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 17 Apr 2013 14:40:41 -0600

This was brought to my attention:

https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd

+* Fixed possible XSS attack through `file=` parameter in
`flashmediaelement.swf`

This may have been requested already, I haven't seen it.

Please use CVE-2013-1967 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

