Bug 152755 - Subversion- Improper repository authorization
Summary: Subversion- Improper repository authorization
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: https://bugzilla.redhat.com/bugzilla/...
Whiteboard: LEGACY, NEEDSWORK, rh90
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-07-21 14:39 UTC by Marc Deslauriers
Modified: 2008-05-01 15:38 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:26:19 UTC
Subversion versions up to and including 1.0.5 have a bug in
mod_authz_svn that allows users with write access to read
portions of the repository that they do not have read access
to.  Subversion 1.0.6 and newer (including 1.1.0-rc1) are not
vulnerable to this issue.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=128222
http://svn.collab.net/repos/svn/tags/1.0.6/CHANGES
http://subversion.tigris.org/servlets/NewsItemView?newsItemID=832



------- Additional Comments From dom 2004-09-07 14:22:33 ----

see also bug 1748.



------- Additional Comments From marcdeslauriers 2004-09-18 17:21:57 ----

This is a minor issue. Distros have not released updates for older versions of this.

We should stick with bug 1748.

I am closing this, if anyone thinks otherwise, it can be re-opened.



------- Bug moved to this database by dkl 2005-03-30 18:26 -------

This bug previously known as bug 1907 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1907
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.




Note You need to log in before you can comment on or make changes to this bug.