The permission check for owner was checking the wrong field,
which would make it possible for anyone to update the Service
Provider owner, making it possible for anyone to change the
SP owner, allowing anyone to change the SP name.
Fixes: CVE-2015-5217
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com> Reviewed-by: Rob Crittenden <rcritten@redhat.com>
projects / cascardo / ipsilon.git / commitdiff