onsdag 22 mars 2023 kl. 15:53:09 UTC+1 skrev F&F Technologies: Good day all.
My organization is trying to use TortoiseSVN as a version control client. In researching, from the user group, it looks as though this may not be accepted as a vulnerability by TortoiseSVN. The concern is that a macro can be executed which might harm a network. It appears that there are a number of steps to get there. 1. Can someone please advise if this was addressed? 2. If addressed, where might I find documentation on the resolution? 3. If not are there plans to? 4. If no plans requesting explanation why so I can present to organization. I am hoping to obtain answer by end of day Thursday as I have a meeting to rebut objections. Thanks. https://www.cvedetails.com/cve/CVE-2019-14422/ In the title you mention CVE-2007-3846 but the link is something else. I assume this is a case of copy-paste error and assume it is CVE-2007-3846 you refer to. Please see the Apache Subversion advisory: https://subversion.apache.org/security/CVE-2007-3846-advisory.txt The version numbers for TortoiseSVN and Apache Subversion are in general the same. Exceptions exist, for example within the 1.14 line, TortoiseSVN in general have a higher version number than the Apache Subversion library version. Thus I'm sure TortoiseSVN version 1.14.5 are not affected by CVE-2007-3846. Kind regards Daniel -- You received this message because you are subscribed to the Google Groups "TortoiseSVN-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to tortoisesvn-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn-dev/601a953a-5a53-40ff-8fff-b6faea1ac731n%40googlegroups.com.