Bug 243757 (CVE-2007-2448) - CVE-2007-2448 subversion: revision properties disclosure to user with partial access
Summary: CVE-2007-2448 subversion: revision properties disclosure to user with partial...
Status: CLOSED WONTFIX
Alias: CVE-2007-2448
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://svn.collab.net/repos/svn/tags/...
Whiteboard: impact=low,public=20071106,reported=2...
Keywords: Security
: 242041 (view as bug list)
Depends On: 243856 243857 243858
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-11 18:40 UTC by Red Hat Product Security
Modified: 2019-06-08 12:20 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2011-01-25 20:32:41 UTC


Attachments (Terms of Use)

Description Lubomir Kundrak 2007-06-11 18:40:39 UTC
Description of problem:

If someone would copy a file from a restricted part of the repository to an
unrestricted part, the revision properties of that commit would become
unrestricted.

Comment 5 Tomas Hoger 2008-01-16 09:20:22 UTC
Upstream advisory with further details:

  http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt

Fixed in upstream version: 1.4.4

Comment 6 Tomas Hoger 2008-01-16 09:21:09 UTC
*** Bug 242041 has been marked as a duplicate of this bug. ***

Comment 8 Red Hat Bugzilla 2009-10-23 19:03:41 UTC
Reporter changed to security-response-team@redhat.com by request of Jay Turner.

Comment 9 Josh Bressers 2011-01-25 20:32:41 UTC
This was fixed in RHEL5 by RHEA-2010:9860 when subversion was upgraded to version 1.6.11.

Given the limited life left for RHEL4, and the extremely low severity of this issue, I'm closing this bug as WONTFIX.


Note You need to log in before you can comment on or make changes to this bug.