Comment 6 for bug 1384355

First I should note that we could use Debian's packages as a start for updating these packages. http://snapshot.debian.org/package/owncloud/

Debian versions available:
5.0.13+dfsg-2 or 5.0.14.a+dfsg-1
6.0.4+dfsg-1 or 6.0.3+dfsg-2

Ubuntu versions:
6.0.1+dfsg-1ubuntu1 trusty
5.0.4debian-0ubuntu1~ubuntu12.04 precise

Owncloud versions with release dates:
Version 7.0.2 August 28th 2014
Version 6.0.5 August 28th 2014
Version 5.0.17 June 23rd 2014

The proposed package suggests updating with OBS or juju and that would upgrade to either 7.0.1 (juju) or 7.0.2 (OBS) depending on the choice.
The 5.x and 6.x versions of owncloud still have supported upstream packages which are less likely to break things:
http://download.opensuse.org/repositories/isv:/ownCloud:/community:/5.0/xUbuntu_12.04/
http://download.opensuse.org/repositories/isv:/ownCloud:/community:/6.0/xUbuntu_14.04/

The trusty package also points to https://jujucharms.com/precise/owncloud/. One might wonder if the juju charm won't work for trusty.

I have tried to identify the CVE patch sets without much success thus far.

Support for the 5.x series will likely be ending within 6 months and it will require more work to update security patches included in 5.0.17.

Would the SRU team accept an updated package based on the Debian's 6.0.4+dfsg-1 package for trusty?