CVE-2007-3846 Vunerability

Skip to first unread message

F&F Technologies

Mar 22, 2023, 10:53:09 AMMar 22
to TortoiseSVN-dev
Good day all.

My organization is trying to use TortoiseSVN as a version control client. In researching, from the user group, it looks as though this may not be accepted as a vulnerability by TortoiseSVN.

The concern is that a macro can be executed which might harm a network. It appears that there are a number of steps to get there.

1. Can someone please advise if this was addressed?

2. If addressed, where might I find documentation on the resolution?

3. If not are there plans to?

4. If no plans requesting explanation why so I can present to organization.

I am hoping to obtain answer by end of day Thursday as I have a meeting to rebut objections.


Daniel Sahlberg

Mar 22, 2023, 11:48:08 AMMar 22
to TortoiseSVN-dev
In the title you mention CVE-2007-3846 but the link is something else. I assume this is a case of copy-paste error and assume it is CVE-2007-3846 you refer to.

Please see the Apache Subversion advisory:

The version numbers for TortoiseSVN and Apache Subversion are in general the same. Exceptions exist, for example within the 1.14 line, TortoiseSVN in general have a higher version number than the Apache Subversion library version.

Thus I'm sure TortoiseSVN version 1.14.5 are not affected by CVE-2007-3846.

Kind regards

F&F Technologies

Mar 22, 2023, 4:43:17 PMMar 22
to TortoiseSVN-dev
Good day Daniel.

Thank you for the prompt response. As in the other one, I could not find the resolution. But, this is exactly what we need to counter the opposition.

Yes, this was a pasting error.

Reply all
Reply to author
0 new messages