Due to a incorrect usage of the getOwner function of the ownCloud virtual filesystem,done authenticated users with incoming shares of other users are able to access files beginning with ".v" of the sharing user. This can only be exploited if the "files_versions" application is enabled on the server. External Reference: https://owncloud.org/security/advisory/?id=oc-sa-2016-003
Created owncloud tracking bugs for this issue: Affects: fedora-all [bug 1297358] Affects: epel-6 [bug 1297359] Affects: epel-7 [bug 1297360]
Versions that fix this have been released to ask supported distributions, closing.