Bug#699652: tpu: owncloud/4.0.4debian2-3.3

[Salvatore Bonaccorso <carnil@debian.org>]

Hi Julien

On Sun, Feb 03, 2013 at 11:50:05PM +0100, Julien Cristau wrote:
> On Sun, Feb  3, 2013 at 00:05:39 +0100, Salvatore Bonaccorso wrote:
> 
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: unblock
> > 
> > Hi Release Team
> > 
> > owncloud in unstable fixes some security bugs: #698737, which are some
> > XSS vulnerabilities fixed in unstable (CVE-2012-0201, CVE-2012-0202
> > and CVE-2012-0203). But we have a newer version in unstable. Attached
> > is the proposed debdiff against the version in unstable (practicly the
> > same patch as applied in unstable).
> > 
> > Attached is the debdiff. Could I upload this to t-p-u?
> > 
> > Regards and thanks for your work!
> > 
> Go ahead.

Thanks done!

> > +--- a/apps/gallery/sharing.php
> > ++++ b/apps/gallery/sharing.php
> > +@@ -37,7 +37,7 @@
> > +     <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"; type="text/javascript"></script>
> 
> ick.

Indeed; have not checked in detail but does not seem to be reported to
the BTS so far.

Regards,
Salvatore