Upstream changelog [1] lists two security fixes in 5.0.5 and 4.5.10: Security: XSS in flashmediaelement.swf (oC-SA-2013-017) Security: Authentication bypass in calendar (oC-SA-2013-018) oC-SA-2013-017 has been assigned [2] CVE-2013-1967. The details of these issues have not yet been released on upstream's advisory page [3]. [1] http://owncloud.org/changelog/ [2] http://seclists.org/oss-sec/2013/q2/111 [3] http://owncloud.org/about/security/advisories
5.0.5 And 4.5.10 are in tree now, I removed vulnerable 5.0.4 and 4.5.9 ebuilds
(In reply to comment #1) > 5.0.5 And 4.5.10 are in tree now, I removed vulnerable 5.0.4 and 4.5.9 > ebuilds Thanks, Bernard. Closing noglsa for ~arch only.