Red Hat Bugzilla – Bug 1262928
CVE-2015-0853 pysvn: Insecure use of os.system() in Workbench
Last modified: 2015-10-21 10:54:11 EDT
A vulnerability in Workbench was found. If a user was tricked into using the "Command Shell" menu item while in a directory with a specially-crafted name, svn-workbench would execute arbitrary commands with the permissions of the user.
Reproducer available at:
Created pysvn tracking bugs for this issue:
Affects: fedora-all [bug 1262929]
Affects: epel-all [bug 1262930]
According to the reproducer page, this affects the svn-workbench project, not pysvn. svn-workbench is produced by the same upstream, but there is no such vulnerability in pysvn.
Fedora does not ship svn-workbench, so closing all as NOTABUG.
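
The flaw class described in this report (a directory name reaching os.system() as part of a shell command line), shown beside two hardened forms. This is an added example, not svn-workbench or pysvn code: the function names, the "cd ... && true" command string, and the DEMO_MARKER variable are hypothetical, and the directory name is constructed with a harmless payload.

```python
import os
import shlex
import subprocess
import tempfile


def shell_vulnerable(directory):
    # Flawed pattern: the directory name becomes part of a /bin/sh command line,
    # so shell metacharacters in the name are interpreted, not treated as data.
    return os.system("cd %s && true" % directory)


def shell_quoted(directory):
    # If a shell string is unavoidable, quote the untrusted value first.
    return os.system("cd %s && true" % shlex.quote(directory))


def shell_free(directory):
    # Preferred: no shell at all. The path is passed as data (cwd), never parsed.
    return subprocess.run(["true"], cwd=directory).returncode


def run_demo():
    """Return {variant name: True if the directory name ran as shell code}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "marker")
        os.environ["DEMO_MARKER"] = marker  # hypothetical variable for the demo
        # Constructed directory name: legal on POSIX, payload only touches a file.
        crafted = os.path.join(tmp, 'proj$(touch "$DEMO_MARKER")')
        os.mkdir(crafted)
        for variant in (shell_vulnerable, shell_quoted, shell_free):
            if os.path.exists(marker):
                os.remove(marker)
            variant(crafted)
            results[variant.__name__] = os.path.exists(marker)
        os.environ.pop("DEMO_MARKER", None)
    return results


if __name__ == "__main__":
    for name, executed in run_demo().items():
        print(f"{name}: directory name executed as shell code = {executed}")
```

The vulnerable variant also prints a "cd" error to stderr, because the shell strips the substituted part and looks for a directory that does not exist.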