Per http://owncloud.org/releases/Changelog, both branches have a fix for a security issue (will be disclosed in two weeks) I added 5.0.17 and 6.0.4 in tree, and removed older versions
Thank you Bernard. It will be interesting to see what the undisclosed security fix is, so will set the appropriate vulnerability level once we know. Until then; as far as I can see this package has never been stabilized so would not require a glsa, meaning you've really solved it already :)
Maintainers, thank you for your work. We are going to leave it in [cleanup] whiteboard so that we can add vulnerability and CVE when they are released.
CVE-2014-4929 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4929): Directory traversal vulnerability in the routing component in ownCloud Server before 5.0.17 and 6.0.x before 6.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a filename, related to index.php.