CVE-2007-3846 Vunerability
32 views
Skip to first unread message
F&F Technologies
Mar 22, 2023, 10:53:09 AM3/22/23
to TortoiseSVN-dev
Good day all.
My
organization is trying to use TortoiseSVN as a version control client.
In researching, from the user group, it looks as though this may not be
accepted as a vulnerability by TortoiseSVN.
The
concern is that a macro can be executed which might harm a network. It
appears that there are a number of steps to get there.
1. Can someone please advise if this was addressed?
2. If addressed, where might I find documentation on the resolution?
4. If no plans requesting explanation why so I can present to organization.
I am hoping to obtain answer by end of day Thursday as I have a meeting to rebut objections.
Thanks.
Daniel Sahlberg
Mar 22, 2023, 11:48:08 AM3/22/23
to TortoiseSVN-dev
In the title you mention CVE-2007-3846 but the link is something else. I assume this is a case of copy-paste error and assume it is CVE-2007-3846 you refer to.
Please see the Apache Subversion advisory:
The version numbers for TortoiseSVN and Apache Subversion are in general the same. Exceptions exist, for example within the 1.14 line, TortoiseSVN in general have a higher version number than the Apache Subversion library version.
Thus I'm sure TortoiseSVN version 1.14.5 are not affected by CVE-2007-3846.
Kind regards
Daniel
F&F Technologies
Mar 22, 2023, 4:43:17 PM3/22/23
to TortoiseSVN-dev
Good day Daniel.
Thank you for the prompt response. As in the other one, I could not find the resolution. But, this is exactly what we need to counter the opposition.
Yes, this was a pasting error.
CA
Reply all
Reply to author
Forward
0 new messages