Candidate: CVE-2014-2054
PublicDate: 2014-06-04 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2054
 http://owncloud.org/about/security/advisories/oC-SA-2014-006/
 https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt
Description:
 PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x
 before 6.0.2, does not disable external entity loading in libxml, which
 allows remote attackers to read arbitrary files, cause a denial of service,
 or possibly have other impact via an XML External Entity (XXE) attack.
Ubuntu-Description:
Notes:
 mdeslaur> owncloud packages in Ubuntu are now empty
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_owncloud:
upstream_owncloud: released (5.0.15, 6.0.2)
lucid_owncloud: DNE
precise_owncloud: not-affected
precise/esm_owncloud: DNE (precise was not-affected)
saucy_owncloud: ignored (reached end-of-life)
trusty_owncloud: not-affected
trusty/esm_owncloud: DNE (trusty was not-affected)
utopic_owncloud: DNE
vivid_owncloud: DNE
vivid/stable-phone-overlay_owncloud: DNE
vivid/ubuntu-core_owncloud: DNE
wily_owncloud: DNE
xenial_owncloud: DNE
yakkety_owncloud: DNE
zesty_owncloud: DNE
artful_owncloud: DNE
bionic_owncloud: DNE
cosmic_owncloud: DNE
disco_owncloud: DNE
devel_owncloud: DNE

Patches_dolibarr:
upstream_dolibarr: needs-triage
lucid_dolibarr: DNE
precise_dolibarr: DNE
precise/esm_dolibarr: DNE
saucy_dolibarr: DNE
trusty_dolibarr: ignored (reached end-of-life)
trusty/esm_dolibarr: DNE (trusty was needed)
utopic_dolibarr: ignored (reached end-of-life)
vivid_dolibarr: ignored (reached end-of-life)
vivid/stable-phone-overlay_dolibarr: DNE
vivid/ubuntu-core_dolibarr: DNE
wily_dolibarr: ignored (reached end-of-life)
xenial_dolibarr: not-affected (3.5.3+dfsg1-1)
yakkety_dolibarr: ignored (reached end-of-life)
zesty_dolibarr: ignored (reached end-of-life)
artful_dolibarr: ignored (reached end-of-life)
bionic_dolibarr: DNE
cosmic_dolibarr: DNE
disco_dolibarr: DNE
devel_dolibarr: DNE

Patches_moodle:
upstream_moodle: needs-triage
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.7.5+dfsg-3)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.7.5+dfsg-3)
cosmic_moodle: not-affected (2.7.5+dfsg-3)
disco_moodle: not-affected (2.7.5+dfsg-3)
devel_moodle: not-affected (2.7.5+dfsg-3)