243757 – (CVE-2007-2448) CVE-2007-2448 subversion: revision properties disclosure to user with partial access

Bug 243757 (CVE-2007-2448) - CVE-2007-2448 subversion: revision properties disclosure to user with partial access

Summary: CVE-2007-2448 subversion: revision properties disclosure to user with partial...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2007-2448
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://svn.collab.net/repos/svn/tags/...
Whiteboard:
Duplicates (1):	242041 (view as bug list)
Depends On:	243856 243857 243858
Blocks:
TreeView+	depends on / blocked

Reported:	2007-06-11 18:40 UTC by Red Hat Product Security
Modified:	2021-11-12 19:39 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2011-01-25 20:32:41 UTC
Embargoed:

Attachments	(Terms of Use)

Description Lubomir Kundrak 2007-06-11 18:40:39 UTC

Description of problem:

If someone would copy a file from a restricted part of the repository to an
unrestricted part, the revision properties of that commit would become
unrestricted.

Comment 5 Tomas Hoger 2008-01-16 09:20:22 UTC

Upstream advisory with further details:

  http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt

Fixed in upstream version: 1.4.4

Comment 6 Tomas Hoger 2008-01-16 09:21:09 UTC

*** Bug 242041 has been marked as a duplicate of this bug. ***

Comment 8 Red Hat Bugzilla 2009-10-23 19:03:41 UTC

Reporter changed to security-response-team by request of Jay Turner.

Comment 9 Josh Bressers 2011-01-25 20:32:41 UTC

This was fixed in RHEL5 by RHEA-2010:9860 when subversion was upgraded to version 1.6.11.

Given the limited life left for RHEL4, and the extremely low severity of this issue, I'm closing this bug as WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.