Candidate: CVE-2015-3013
PublicDate: 2015-05-08 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3013
 https://owncloud.org/security/advisory/?id=oc-sa-2015-004
Description:
 ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5
 allows remote authenticated users to bypass the file blacklist and upload
 arbitrary files via a file path with UTF-8 encoding, as demonstrated by
 uploading a .htaccess file.
Ubuntu-Description:
Notes:
 mdeslaur> owncloud packages in Ubuntu are now empty
Bugs:
Priority: medium
Discovered-by: Lukas Reschke
Assigned-to:
CVSS: 

Patches_owncloud:
upstream_owncloud: released (7.0.4+dfsg-3)
lucid_owncloud: DNE
precise_owncloud: not-affected
trusty_owncloud: not-affected
trusty/esm_owncloud: DNE (trusty was not-affected)
utopic_owncloud: DNE
vivid_owncloud: DNE
wily_owncloud: DNE
devel_owncloud: DNE