Candidate: CVE-2013-2089
PublicDate: 2014-03-14 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2089
 http://owncloud.org/about/security/advisories/oC-SA-2013-026/
Description:
 Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote
 authenticated users to execute arbitrary PHP code by uploading a crafted
 file, then accessing it via a direct request to the file in /data.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, 5.0 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_owncloud:
upstream_owncloud: released (5.0.6)
lucid_owncloud: DNE
precise_owncloud: not-affected
quantal_owncloud: not-affected (4.0.8debian-1.1ubuntu0.1)
raring_owncloud: ignored (reached end-of-life)
saucy_owncloud: not-affected (5.0.10+dfsg-1ubuntu1)
trusty_owncloud: not-affected (6.0.1+dfsg-1ubuntu1)
trusty/esm_owncloud: DNE (trusty was not-affected [6.0.1+dfsg-1ubuntu1])
devel_owncloud: not-affected (6.0.1+dfsg-1ubuntu1)