1
Candidate: CVE-2013-1939
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1939
5
http://owncloud.org/about/security/advisories/oC-SA-2013-016/
7
The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, and
8
1.8.x before 1.8.5, as used in ownCloud, when running on Windows, does not
9
properly check path separators in the base path, which allows remote
10
attackers to read arbitrary files via a \ (backslash) character.
13
jdstrand> per Debian, Windows only
20
upstream_owncloud: needs-triage
23
oneiric_owncloud: not-affected
24
precise_owncloud: not-affected
25
quantal_owncloud: not-affected
26
devel_owncloud: not-affected
29
upstream_php-sabredav: needs-triage
30
hardy_php-sabredav: DNE
31
lucid_php-sabredav: DNE
32
oneiric_php-sabredav: DNE
33
precise_php-sabredav: DNE
34
quantal_php-sabredav: not-affected
35
devel_php-sabredav: not-affected