On Mon, Apr 22, 2013 at 11:34:27AM -0700, Kees Cook wrote: > On Thu, Apr 18, 2013 at 04:11:49PM +0100, Jonathan Riddell wrote: > > Owncloud is a package which doesn't like to work on our 6 monthly > > timetable. It has many security vulnerabilities and 3rd party php and > > javascript libraries which are often not packaged in older versions of > > Ubuntu. It's been suggested that the tech board might allow it to be > > updated wholesale to new versions including adding the shipped 3rd party > > libraries to the package as needed, so I've prepared these > > > > https://bugs.launchpad.net/ubuntu/+source/owncloud/+bug/1079150 > > > > Does the tech board approve of updating these as a SRU? > > Is there any hope of having the security problems in the libraries fixed > directly? That would be much nicer; it'd fix anyone using those libraries > beyond just owncloud...
I don't know of security problems in the libraries. The security issues will be in Owncloud itself and the only remedy from upstream is to upgrade to a newer version which often needs newer library versions. Jonathan -- technical-board mailing list technical-board@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/technical-board
