Daniel.
Thank you for the quick response. This definitely helps us to counter the
opposition. The objection was a reaction to the CVE being there. The team
asking for the software figured there was a fix as it was reported version
1.12.
CA
On Wednesday, March 22, 2023 at 12:10:20 PM UTC-4 Daniel Sahlberg wrote:
> onsdag 22 mars 2023 kl. 15:53:04 UTC+1 skrev F Technologies:
>
> Good day all.
>
> My organization is trying to use TortoiseSVN as a version control client.
> In researching, from the user group, it looks as though this may not be
> accepted as a vulnerability by TortoiseSVN.
>
> The concern is that a macro can be executed which might harm a network. It
> appears that there are a number of steps to get there.
>
> 1. Can someone please advise if this was addressed?
>
> 2. If addressed, where might I find documentation on the resolution?
>
> 3. If not are there plans to?
>
> 4. If no plans requesting explanation why so I can present to organization.
>
> I am hoping to obtain answer by end of day Thursday as I have a meeting to
> rebut objections.
>
> Thanks.
>
> https://www.cvedetails.com/cve/CVE-2019-14422/
>
>
> Please check r28647 of the diff script at
> https://svn.osdn.net/svnroot/tortoisesvn/trunk/contrib/diff-scripts/, it
> adds a protection layer by disabling macros:
>
> // disable all macros
> objExcelApp.AutomationSecurity = 3; //msoAutomationSecurityForceDisable
>
> Based on the date it seems to be in reaction to the CVE. It should have
> been included in the 1.13 release, it certainly is included as installed in
> 1.14.5.
>
> Kind regards,
> Daniel
>
>
--
You received this message because you are subscribed to the Google Groups
"TortoiseSVN-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to tortoisesvn-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/tortoisesvn-dev/fe8a5dc0-9684-41ad-874d-a37f8d8401b5n%40googlegroups.com.