[owncloud-devel] ownCloud solutions in *other* projects

Morris Jobke morris at owncloud.com
Fri Jan 9 01:01:46 GMT 2015

I always worked seamlessly with the creator of getID3 and we benefit 
from each other.


This was derived from 


Am 09.01.2015 um 00:37 schrieb Alessandro Cosentino:
> Awesome! This is a fantastic start. Thank you, Lukas!
> On Thu, Jan 8, 2015 at 5:06 PM, Lukas Reschke <lukas at statuscode.ch> wrote:
>>> In order to celebrate ownCloud's 5th birthday (and the anniversary of
>>> my 3-year engagement with ownCloud), I have planned to write a blog
>>> post on how the development of ownCloud has benefited other software
>>> projects (not necessarily open source projects).
>> ownCloud’s security team has reported quite some vulnerabilities in well known and widely used 3rdparty libraries. Most notably:
>> - ZendFramework: http://framework.zend.com/security/advisory/ZF2014-01
>> - SabreDAV: http://www.cvedetails.com/cve/CVE-2013-1939/ + http://www.cvedetails.com/cve/CVE-2014-2055/
>> - TCPDF: https://github.com/tcpdf-clone/tcpdf/commit/8ec040b3ccedc2a0150a7b6b46c18c59d932ad59
>> - GetID3: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc (also used by Wordpress and so on…)
>> - PHPExcel: https://github.com/PHPOffice/PHPExcel/commit/c243bcb8ad2911cdbd0c272b284a516b444e606a
>> - PHPDocX: http://www.cvedetails.com/cve/CVE-2014-2056/
>> Also in quite some other components but those are not that widely used as the ones pointed out above. Also every one of the bugs pointed out above allowed an attacker to either execute arbitrary PHP Code or read arbitrary files from the system :-)
>> - Lukas
>> _______________________________________________
>> Devel mailing list
>> Devel at owncloud.org
>> http://mailman.owncloud.org/mailman/listinfo/devel
> _______________________________________________
> Devel mailing list
> Devel at owncloud.org
> http://mailman.owncloud.org/mailman/listinfo/devel

More information about the Devel mailing list