Bug 448270 (CVE-2012-5665) - <www-apps/owncloud-{4.0.10,4.5.5}: Security bump - authentication bypass and XSS (CVE-2012-{5665,5666})
Summary: <www-apps/owncloud-{4.0.10,4.5.5}: Security bump - authentication bypass and ...
Status: RESOLVED FIXED
Alias: CVE-2012-5665
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-12-23 10:46 UTC by Bug
Modified: 2012-12-29 13:15 UTC
CC: 2 users

See Also:
Package list:
Runtime testing required: ---


Description Bug 2012-12-23 10:46:37 UTC
A new version is available.

Please also check the required USE flags,
because php-5.4.9 no longer has "sqlite3":

  (dev-lang/php-5.4.9::gentoo, ebuild scheduled for merge) conflicts with
    dev-lang/php[curl,gd,json,mysql,pdo,sqlite3,xmlwriter,zip] required by (www-apps/owncloud-4.5.4::gentoo, installed)

Reproducible: Always
Comment 1 Jay Carter 2012-12-23 23:57:27 UTC
This should be considered more than a simple version bump as 4.5.5 has security fixes including an auth bypass and XSS issue.

Changelog:

Version 4.5.5 Dec 20th 2012

    Show drag and drop shadow for Firefox
    Fix Knowledgebase under certain conditions
    Fix setting of sharing password
    Fix setting of sharing password
    Several sharing fixes
    Fix versioning during sharing
    Fix mounting of external filesystems especially CIFS
    Fix several PHP warnings
    Show /Shared as standard directory
    Fix session management for running several ownClouds on the same host
    Fix WebDAV quota enforcement
    Fix CalDAV with LDAP users
    Better warning about missing dependencies
    Add warning about conflicting WebDAV auth and LDAP backend
    Restore sending sharing link by email
    Fix encoding problem with mounting of CIFS filesystems
    Fix mimetype icons for new files
    Fix the folder size calculation
    Fix for deleting multiple files
    Fix for controlling the data dir with LDAP
    Security: Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-006)
    Security: XSS vulnerability in bookmarks (oC-SA-2012-007)
Comment 2 Bernard Cafarelli gentoo-dev 2012-12-27 12:15:44 UTC
Indeed, thanks for the report! Reassigning to security per:
- Auth bypass in user_webdavauth and user_ldap (oC-SA-2012-001 / CVE-2012-5665)
- XSS vulnerability in bookmarks (oC-SA-2012-007 / CVE-2012-5666)
(also thanks Lukas Reschke upstream for the notification)

I just added 4.0.10 and 4.5.5 to tree, removed the older versions (and changed USE flag to sqlite to follow php, supporting php-5.4.9)
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-29 13:15:43 UTC
Thanks, everyone.