Summary: | dev-util/subversion Information disclosure (CVE-2007-2448) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | apache-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://subversion.tigris.org/security/CVE-2007-2448-advisory.txt | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2007-11-09 19:27:49 UTC
I have just added 1.4.5 to the tree with many fixes. This is the next candidate for stabilization.

Thx Benedikt. Is this one ready for stable marking now?

(In reply to comment #2)
> Is this one ready for stable marking now?

Yes. There's nothing new for UNIX-like systems. 1.4.5 contains only a fix for Windows.

Arches, please test and mark stable dev-util/subversion-1.4.5.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"

Oh, wait. Hollow, is that an authoritative answer?

(In reply to comment #5)
> Oh, wait. Hollow, is that an authoritative answer?

Yes. I belong to Subversion upstream and I don't have bad intentions.
http://subversion.tigris.org/servlets/ReadMsg?list=users&msgNo=69413
1.4.5 works identically as 1.4.4 on GNU/Linux and *BSD.

yep, go for stabilization :)

(In reply to comment #6)
> Yes. I belong to Subversion upstream and I don't have bad intentions.

I didn't mean you have bad intentions, just that I first thought you were in the Gentoo Apache team. And we have 1.3.* stable right now, so this is not a tiny bump.

x86 stable

stable on sparc

alpha/ia64 stable

Stable for HPPA, despite:
IUSE.invalid 1
dev-util/subversion/subversion-1.4.5.ebuild: svnserve

ppc64 stable

ppc stable

amd64 done...

GLSA vote is open. I vote NO since this vulnerability is rare and with little impact, quoting: "data is not commonly copied from a private location to a public one... only reveal the contents of properties, not the revision's changed-paths information. And, of course, this bug does not permit anyone to see file contents or directory listings that they should not."

voting NO too and closing.

Does not affect current (2008.0) release. Removing release.