Upstream has released version 8.0.9 on October 30: https://owncloud.org/changelog/ As usual, no details are available about the security issues. Updated package uploaded for Mageia 5. Advisory: ======================== Updated owncloud package fixes security vulnerabilities: The owncloud package has been updated to version 8.0.9, which fixes undisclosed security issues and other bugs. References: https://owncloud.org/changelog/ ======================== Updated packages in core/updates_testing: ======================== owncloud-8.0.9-1.mga5 from owncloud-8.0.9-1.mga5.src.rpm Reproducible: Steps to Reproduce:
You can find testing information in Bug 16491.
Whiteboard: (none) => has_procedure
Testing complete mga5 64 Database upgrades successfully, uploads work ok and syncs OK with the client.
Whiteboard: has_procedure => has_procedure mga5-64-ok
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: has_procedure mga5-64-ok => has_procedure advisory mga5-64-ok
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0437.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/663795/
CVE-2016-1501 was the security issue fixed here: https://owncloud.org/security/advisory/?id=oc-sa-2016-004 Advisory: ======================== Updated owncloud package fixes security vulnerability: ownCloud returns exception error messages to the user in two different places, allowing an authenticated adversary to gain information about the installation path of the ownCloud instance. There is no further information disclosure (CVE-2016-1501). References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1501 https://owncloud.org/security/advisory/?id=oc-sa-2016-004 https://owncloud.org/changelog/