On Wednesday, 22 March 2023 at 15:53:04 UTC+1, F&F Technologies wrote:

Good day all.

My organization is trying to use TortoiseSVN as a version control client. 
In researching, from the user group, it looks as though this may not be 
accepted as a vulnerability by TortoiseSVN.

The concern is that a macro can be executed which might harm a network. It 
appears that there are a number of steps to get there. 

1. Can someone please advise if this was addressed? 

2. If addressed, where might I find documentation on the resolution?

3. If not, are there plans to?

4. If no plans, requesting explanation why so I can present to organization.

I am hoping to obtain answer by end of day Thursday as I have a meeting to 
rebut objections.

Thanks.

https://www.cvedetails.com/cve/CVE-2019-14422/


Please check r28647 of the diff script at 
https://svn.osdn.net/svnroot/tortoisesvn/trunk/contrib/diff-scripts/, it 
adds a protection layer by disabling macros:

// disable all macros
objExcelApp.AutomationSecurity = 3; //msoAutomationSecurityForceDisable

Based on the date it seems to be in reaction to the CVE. It should have 
been included in the 1.13 release, it certainly is included as installed in 
1.14.5.

Kind regards,
Daniel
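
One way to confirm that an installed diff script carries the guard quoted above, as an added example (not part of this thread and not TortoiseSVN's own code): a Node.js check that the script sets AutomationSecurity to 3 before it opens any document. The function names, status labels and sample scripts are constructed for illustration.

```javascript
// Added example: static audit of a JScript diff script for the macro guard.
// Assumes the script holds the Office COM Application object in a variable.
const FORCE_DISABLE = 3; // msoAutomationSecurityForceDisable

// Drop comments so a commented-out guard does not count.
// Naive: a "//" inside a string literal is treated as a comment too.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, '').replace(/\/\/[^\n]*/g, '');
}

// Returns one finding per Office Application variable created in the script.
function auditDiffScript(source) {
  const code = stripComments(source);
  const create = /\b([A-Za-z_]\w*)\s*=\s*(?:new\s+ActiveXObject|WScript\.CreateObject)\s*\(\s*["'](Excel|Word|PowerPoint)\.Application["']/g;
  const findings = [];
  let m;
  while ((m = create.exec(code)) !== null) {
    const [, name, app] = m;
    const rest = code.slice(m.index);
    // Offset of the guard assignment and of the first document open, if any.
    const guard = rest.search(new RegExp(`\\b${name}\\.AutomationSecurity\\s*=\\s*${FORCE_DISABLE}\\b`));
    const open = rest.search(new RegExp(`\\b${name}\\.(?:Workbooks|Documents|Presentations)\\.Open\\s*\\(`));
    let status = 'protected';
    if (guard === -1) status = 'unprotected';
    else if (open !== -1 && open < guard) status = 'guard-after-open';
    findings.push({ variable: name, app, status });
  }
  return findings;
}

// Constructed sample scripts (not the project's files).
const PATCHED = [
  'var objExcelApp = new ActiveXObject("Excel.Application");',
  '// disable all macros',
  'objExcelApp.AutomationSecurity = 3; //msoAutomationSecurityForceDisable',
  'var wb = objExcelApp.Workbooks.Open(sBaseDoc);',
].join('\n');
const UNPATCHED = [
  'var objExcelApp = new ActiveXObject("Excel.Application");',
  '// objExcelApp.AutomationSecurity = 3;',
  'var wb = objExcelApp.Workbooks.Open(sBaseDoc);',
].join('\n');

console.log(auditDiffScript(PATCHED), auditDiffScript(UNPATCHED));
```

To audit real files, read each script with `fs.readFileSync(path, 'utf8')` and pass the text to `auditDiffScript`.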
 
