Sicherheit: Mehrere Probleme in OwnCloud - Pro-Linux

Name        : owncloud
Product     : Fedora 20
Version     : 7.0.5
Release     : 2.fc20
URL         : http://owncloud.org
Summary     : Private file sync and share server
Description :
ownCloud gives you universal access to your files through a web interface or
WebDAV. It also provides a platform to easily view & sync your contacts,
calendars and bookmarks across all your devices and enables basic editing right
on the web. ownCloud is extendable via a simple but powerful API for
applications and plugins.

-------------------------------------------------------------------------------
-
Update Information:

This update provides the new release 7.0.5, which resolves currently
 undisclosed security vulnerabilities in ownCloud.

It is a minor version update and should apply without any issues or special
 handling, but as usual, we recommend backing up your data, configuration, and database before updating.

We have also backported a post-7.0.5 fix for a 'critical' issue: https://github.com/owncloud/core/issues/14843 .
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Mar 24 2015 Adam Williamson <awilliam@redhat.com> - 7.0.5-2
- fix patch backported in previous build (upstream made a booboo)
* Mon Mar 23 2015 Adam Williamson <awilliam@redhat.com> - 7.0.5-1
- new release 7.0.5 (fixes yet-undisclosed vulns, #1204821 #1204823)
- also backport fix for 'severe' upstream issue #14843
* Sun Feb 22 2015 Adam Williamson <awilliam@redhat.com> - 7.0.4-3
- revise and strengthen Apache configuration layout, fix external apps
- fix external apps for Nginx
* Sat Dec 20 2014 Adam Williamson <awilliam@redhat.com> - 7.0.4-2
- backport upstream support for google PHP lib 1.x and unbundle it
* Tue Dec  9 2014 Adam Williamson <awilliam@redhat.com> - 7.0.4-1
- new release 7.0.4
* Tue Nov 25 2014 Adam Williamson <awilliam@redhat.com> - 7.0.3-3
- fix dropbox autoload patch (thanks Tomas Dolezal) #1168082
* Tue Nov 11 2014 Adam Williamson <awilliam@redhat.com> - 7.0.3-2
- drop unnecessary bits from 3rdparty_includes.patch
- split Dropbox loading changes into a separate patch (submitted upstream)
* Mon Nov 10 2014 Adam Williamson <awilliam@redhat.com> - 7.0.3-1
- new release 7.0.3
* Wed Oct 29 2014 Adam Williamson <awilliam@redhat.com> - 7.0.2-4
- db sub-packages should not depend on db server packages
- improve README
- improve db sub-package descriptions
- don't check for new versions or working .htaccess files
* Tue Oct 28 2014 Adam Williamson <awilliam@redhat.com> - 7.0.2-3
- drop unnecessary deps: php-gmp (#1152438) and Net_Curl(#999720)
- re-arrange deps in spec to be the way I like 'em
* Tue Sep  9 2014 Adam Williamson <awilliam@redhat.com> - 7.0.2-2
- 10927.patch: backport fix for an upgrade bug (upstream #10762)
* Thu Aug 28 2014 Adam Williamson <awilliam@redhat.com> - 7.0.2-1
- update to 7.0.2
- update patch for using Composer autoloader with 3rdparty deps
* Wed Aug 20 2014 Adam Williamson <awilliam@redhat.com> - 7.0.1-2
- make php directives in httpd config conditional on mod_php (FPM compat)
* Wed Aug 20 2014 Adam Williamson <awilliam@redhat.com> - 7.0.1-1
- update to 7.0.1
- drop contact_type.patch (merged upstream)
* Tue Jul 29 2014 Adam Williamson <awilliam@redhat.com> - 7.0.0-6
- do not ship upstream's 'updater' app (it'll only lead to
 tears)
- don't patch and ship OC's sample config, write a stub instead
* Tue Jul 29 2014 Adam Williamson <awilliam@redhat.com> - 7.0.0-5
- fix up sabre paths right this time
* Tue Jul 29 2014 Adam Williamson <awilliam@redhat.com> - 7.0.0-4
- more autoloader tweaking
- use composer not OC autoloader for legacy 3rdparty includes (core#9643)
- specify explicit paths to Sabre deps
* Sun Jul 27 2014 Adam Williamson <awilliam@redhat.com> - 7.0.0-3
- update apache config for OC 7 changes
- drop unneeded isoft/mssql-bundle from 3rdparty
* Sun Jul 27 2014 Adam Williamson <awilliam@redhat.com> - 7.0.0-2
- opcache_invalidate.patch: avoid triggering a crash in the PHP opcache
- contact_type.patch: fix selection of current field type in contact view
* Thu Jul 24 2014 Adam Williamson <awilliam@redhat.com> - 7.0.0-1
- 7.0.0
- rediff 3rdparty_includes.patch
- update 3rdparty strip commands and dependencies for upstream changes
- update dependencies
* Mon Jun 30 2014 Gregor Tätzner <brummbq@fedoraproject.org> - 6.0.4-1
- 6.0.4
* Sat Jun  7 2014 Fedora Release Engineering
 <rel-eng@lists.fedoraproject.org> - 6.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May  1 2014 Gregor Tätzner <brummbq@fedoraproject.org> - 6.0.3-1
- 6.0.3
- update symfony routing patch
* Tue Mar  4 2014 Gregor Tätzner <brummbq@fedoraproject.org> - 6.0.2-1
- 6.0.2
* Mon Feb 24 2014 Adam Williamson <awilliam@redhat.com> - 6.0.1-3
- set a minimum ver on the DBAL req for safety (using with 2.3 is dangerous)
* Mon Jan 27 2014 Adam Williamson <awilliam@redhat.com> - 6.0.1-2
- unbundle phpseclib (packaged now)
* Thu Jan 23 2014 Gregor Tätzner <brummbq@fedoraproject.org> - 6.0.1-1
- 6.0.1
* Tue Jan 14 2014 Gregor Tätzner <brummbq@fedoraproject.org>  - 6.0.0a-9
- fix routing with symfony 2.3
* Fri Jan 10 2014 Adam Williamson <awilliam@redhat.com> - 6.0.0a-8
- make a warning OC keeps triggering into a debug message
* Thu Jan  9 2014 Adam Williamson <awilliam@redhat.com> - 6.0.0a-7
- re-enable irods, patch loading of it, add dependency on it
* Fri Jan  3 2014 Adam Williamson <awilliam@redhat.com> - 6.0.0a-6
- disable irods a bit harder
* Fri Jan  3 2014 Adam Williamson <awilliam@redhat.com> - 6.0.0a-5
- drop non-existent OC_User_IMAP from config file
* Fri Jan  3 2014 Adam Williamson <awilliam@redhat.com> - 6.0.0a-4
- apps_3rdparty_includes: fix more 3rdparty loading stuff
- disable_irods: disable storage app's irods (it's broken)
* Mon Dec 30 2013 Adam Williamson <awilliam@redhat.com> - 6.0.0a-3
- tar-include, blowfish-include, dropbox-include: fix more paths
* Mon Dec 30 2013 Adam Williamson <awilliam@redhat.com> - 6.0.0a-2
- dropbox-include.patch: fix loading of system copy of php-Dropbox
* Sun Dec 22 2013 Adam Williamson <awilliam@redhat.com> - 6.0.0a-1
- 6.0.0a
* Sun Dec 22 2013 Gregor Tätzner <brummbq@fedoraproject.org> - 6.0.0-1
- 6.0.0
* Fri Dec 20 2013 Adam Williamson <awilliam@redhat.com> - 5.0.14a-2
- Correct location of php-symfony-routing: #1045301
* Fri Dec 20 2013 Adam Williamson <awilliam@redhat.com> - 5.0.14a-1
- 5.0.14a
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1204821 - owncloud: new security issues fixed upstream in 6.0.7
 and 7.0.5
        https://bugzilla.redhat.com/show_bug.cgi?id=1204821
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use
su -c 'yum update owncloud' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce