[owncloud-devel] ownCloud solutions in *other* projects

Alessandro Cosentino cosenal at gmail.com
Thu Jan 8 23:37:07 GMT 2015


Awesome! This is a fantastic start. Thank you, Lukas!

On Thu, Jan 8, 2015 at 5:06 PM, Lukas Reschke <lukas at statuscode.ch> wrote:
>> In order to celebrate ownCloud's 5th birthday (and the anniversary of
>> my 3-year engagement with ownCloud), I have planned to write a blog
>> post on how the development of ownCloud has benefited other software
>> projects (not necessarily open source projects).
>
> ownCloud’s security team has reported quite some vulnerabilities in well known and widely used 3rdparty libraries. Most notably:
>
> - ZendFramework: http://framework.zend.com/security/advisory/ZF2014-01
> - SabreDAV: http://www.cvedetails.com/cve/CVE-2013-1939/ + http://www.cvedetails.com/cve/CVE-2014-2055/
> - TCPDF: https://github.com/tcpdf-clone/tcpdf/commit/8ec040b3ccedc2a0150a7b6b46c18c59d932ad59
> - GetID3: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc (also used by Wordpress and so on…)
> - PHPExcel: https://github.com/PHPOffice/PHPExcel/commit/c243bcb8ad2911cdbd0c272b284a516b444e606a
> - PHPDocX: http://www.cvedetails.com/cve/CVE-2014-2056/
>
> Also in quite some other components but those are not that widely used as the ones pointed out above. Also every one of the bugs pointed out above allowed an attacker to either execute arbitrary PHP Code or read arbitrary files from the system :-)
>
> - Lukas
> _______________________________________________
> Devel mailing list
> Devel at owncloud.org
> http://mailman.owncloud.org/mailman/listinfo/devel
>


More information about the Devel mailing list