Due to not properly checking the ownership of a calendar, an authenticated attacker is able to download calendars of other users via the “calid” GET parameter to export.php in /apps/calendar/

Affected versions:
owncloud < 8.1.1
owncloud < 8.0.6
owncloud < 7.0.8

External reference: https://owncloud.org/security/advisory/?id=oc-sa-2015-015
Created owncloud tracking bugs for this issue:

Affects: fedora-all [bug 1264368]
Affects: epel-6 [bug 1264369]
Affects: epel-7 [bug 1264371]
8.0.7 is pending stable for all releases except EL6 now. We need to bump EL6 to 7.0.10, for https://bugzilla.redhat.com/show_bug.cgi?id=1254908#c7 .
All dependent bugs closed.
(In reply to Shawn Iwinski from comment #3)
> All dependent bugs closed.

Thank you!