[owncloud-devel] ownCloud solutions in *other* projects

Morris Jobke morris at owncloud.com
Fri Jan 9 01:01:46 GMT 2015


I always worked seamlessly with the creator of getID3 and we benefit 
from each other.

https://github.com/JamesHeinrich/getID3/commit/a9443d559def6ab07489698a5b60c3c58da0e67e

This was derived from 
https://github.com/owncloud/music/issues/212#issuecomment-43082336

Morris

Am 09.01.2015 um 00:37 schrieb Alessandro Cosentino:
> Awesome! This is a fantastic start. Thank you, Lukas!
>
> On Thu, Jan 8, 2015 at 5:06 PM, Lukas Reschke <lukas at statuscode.ch> wrote:
>>> In order to celebrate ownCloud's 5th birthday (and the anniversary of
>>> my 3-year engagement with ownCloud), I have planned to write a blog
>>> post on how the development of ownCloud has benefited other software
>>> projects (not necessarily open source projects).
>>
>> ownCloud’s security team has reported quite some vulnerabilities in well known and widely used 3rdparty libraries. Most notably:
>>
>> - ZendFramework: http://framework.zend.com/security/advisory/ZF2014-01
>> - SabreDAV: http://www.cvedetails.com/cve/CVE-2013-1939/ + http://www.cvedetails.com/cve/CVE-2014-2055/
>> - TCPDF: https://github.com/tcpdf-clone/tcpdf/commit/8ec040b3ccedc2a0150a7b6b46c18c59d932ad59
>> - GetID3: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc (also used by Wordpress and so on…)
>> - PHPExcel: https://github.com/PHPOffice/PHPExcel/commit/c243bcb8ad2911cdbd0c272b284a516b444e606a
>> - PHPDocX: http://www.cvedetails.com/cve/CVE-2014-2056/
>>
>> Also in quite some other components but those are not that widely used as the ones pointed out above. Also every one of the bugs pointed out above allowed an attacker to either execute arbitrary PHP Code or read arbitrary files from the system :-)
>>
>> - Lukas
>> _______________________________________________
>> Devel mailing list
>> Devel at owncloud.org
>> http://mailman.owncloud.org/mailman/listinfo/devel
>>
> _______________________________________________
> Devel mailing list
> Devel at owncloud.org
> http://mailman.owncloud.org/mailman/listinfo/devel
>


More information about the Devel mailing list