Control: retitle -1 unblock: owncloud/7.0.4+dfsg-3

Hi,

On Thu, Mar 26, 2015 at 03:26:37PM -0400, David Prévot wrote:
> Please pre-approve an unblock for the owncloud package

Let’s make it an approval request instead: I felt uneasy letting a
package with known security issues (and fixes) in unstable, so I went
ahead with the upload. It should save us a hop if you agree with the
request, and I’ll make sure to prepare a -4 version in a timely manner
if you disagree with any of the proposed changes.

unblock owncloud/7.0.4+dfsg-3

Thanks in advance.

Regards

P.-S.: Original request (without debdiff)

> It cherry-picks three security fixes from the recently released 7.0.5
> version (already in experimental):
>
> owncloud (7.0.4+dfsg-3) unstable; urgency=medium
>
>   * Add gbp config file to follow the jessie branch
>   * Backport security fixes from 7.0.5:
>     - Multiple stored XSS in "contacts" application [OC-SA-2015-001]
>     - Multiple stored XSS in "documents" application [OC-SA-2015-002]
>     - Bypass of file blacklist [OC-SA-2015-004]
>   * Run upgrade script with sudo as www-data user
>   * Depend on php5-cli (it is actually used in postinst)
>
>  -- David Prévot <taffit@debian.org>  Wed, 25 Mar 2015 16:20:32 -0400
>
> I’d also like to shim in two other small changes:
> - the upgrade script should be run as the same user as the installed
>   data, i.e., www-data by default, instead of root: this recommendation
>   has recently been enforced upstream since the upgrade process may
>   touch data files on top of the potential database changes;
> - since the php CLI is called during postinst, php5-cli should be a
>   dependency instead of a recommendation (the README.Debian change just
>   drops the now useless explanation why php5-cli was recommended).
>
> The attached debdiff strips away the webodf.js changes from the
> cherry-picked commit from upstream: this minified JavaScript file is
> anyway regenerated at build time and is thus not the file included in
> the actual binary package.