Wednesday, 22 October 2014

Request: Removal of "ownCloud" package from ubuntu

Hi list members,

On behalf of the ownCloud project (www.owncloud.org) I'm requesting that "ownCloud server" is removed from the Ubuntu packages: http://packages.ubuntu.com/trusty/owncloud (including all versions) - Let's hope that this is finally the right ML for this kind of request.

These packaged versions are all vulnerable to multiple critical security bugs and no security fixes have been backported, for a reference of security bugs please visit http://owncloud.org/security/advisories/
Those security bugs allows an unauthenticated attacker to gain complete control about the web server process.

We would highly appreciate if those insecure packages could get removed. On a related note, even the Debian project has decided to only package the most recent release of ownCloud via their backports repository (https://packages.debian.org/wheezy-backports/owncloud)
Furthermore, we're also offering DEB packages via OBS by ourself: http://owncloud.org/install/

Is there anything I can do to get this done? - We're faced with more and more users which have those versions installed and this is very troubling.

Thanks,
Lukas

--
ubuntu-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel