Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server. CVE-2015-8747 The multifilesystem storage backend allows read and write access to arbitrary files . CVE-2015-8748 If an attacker is able to authenticate with a user name like `.*", he can bypass read/write limitations imposed by regex-based rules, including the built-in rules `owner_write" and `owner_only" .