Subversion versions up to and including 1.0.5 have a bug in mod_authz_svn that allows users with write access to read portions of the repository that they do not have read access to. Subversion 1.0.6 and newer (including 1.1.0-rc1) are not vulnerable to this issue. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128222 http://svn.collab.net/repos/svn/tags/1.0.6/CHANGES http://subversion.tigris.org/servlets/NewsItemView?newsItemID=832 ------- Additional Comments From dom 2004-09-07 14:22:33 ---- see also bug 1748. ------- Additional Comments From marcdeslauriers 2004-09-18 17:21:57 ---- This is a minor issue. Distros have not released updates for older versions of this. We should stick with bug 1748. I am closing this, if anyone thinks otherwise, it can be re-opened. ------- Bug moved to this database by dkl 2005-03-30 18:26 ------- This bug previously known as bug 1907 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=1907 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.