Bug 243757 - (CVE-2007-2448) CVE-2007-2448 subversion: revision properties disclosure to user with partial access
CVE-2007-2448 subversion: revision properties disclosure to user with partial...
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://svn.collab.net/repos/svn/tags/...
impact=low,public=20071106,reported=2...
: Security
: 242041 (view as bug list)
Depends On: 243856 243857 243858
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-11 14:40 EDT by Red Hat Product Security
Modified: 2011-11-18 08:35 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-01-25 15:32:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lubomir Kundrak 2007-06-11 14:40:39 EDT
Description of problem:

If someone would copy a file from a restricted part of the repository to an
unrestricted part, the revision properties of that commit would become
unrestricted.
Comment 5 Tomas Hoger 2008-01-16 04:20:22 EST
Upstream advisory with further details:

  http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt

Fixed in upstream version: 1.4.4
Comment 6 Tomas Hoger 2008-01-16 04:21:09 EST
*** Bug 242041 has been marked as a duplicate of this bug. ***
Comment 8 Red Hat Bugzilla 2009-10-23 15:03:41 EDT
Reporter changed to security-response-team@redhat.com by request of Jay Turner.
Comment 9 Josh Bressers 2011-01-25 15:32:41 EST
This was fixed in RHEL5 by RHEA-2010:9860 when subversion was upgraded to version 1.6.11.

Given the limited life left for RHEL4, and the extremely low severity of this issue, I'm closing this bug as WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.