OVAL Definition: oval:org.mitre.oval:def:13506
Revision Date: 2014-06-23
Version: 20
Title: DSA-1818-1 gforge -- insufficient input sanitising
Description: Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks. For the stable distribution, these problems have been fixed in version 4.7~rc2-7lenny1. For the oldstable distribution, these problems have been fixed in version 4.5.14-22etch11. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 4.7.3-2. We recommend that you upgrade your gforge packages.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): DSA-1818-1
Platform(s): Debian GNU/Linux 4.0, Debian GNU/Linux 5.0
Product(s): gforge
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Installed architecture is all
  • AND Packages section
  • gforge-mta-courier DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-ftp-proftpd DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-plugin-scmcvs DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-common DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-plugin-scmsvn DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-web-apache2 DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-mta-postfix DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-mta-exim4 DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-lists-mailman DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-web-apache DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-db-postgresql DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-shell-postgresql DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-plugin-mediawiki DPKG is earlier than 4.7~rc2-7lenny1
  • OR gforge-dns-bind9 DPKG is earlier than 4.7~rc2-7lenny1
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Installed architecture is all
  • AND Packages section
  • gforge-ldap-openldap DPKG is earlier than 4.5.14-22etch11
  • OR gforge-mta-courier DPKG is earlier than 4.5.14-22etch11
  • OR gforge-mta-exim DPKG is earlier than 4.5.14-22etch11
  • OR gforge DPKG is earlier than 4.5.14-22etch11
  • OR gforge-common DPKG is earlier than 4.5.14-22etch11
  • OR gforge-shell-postgresql DPKG is earlier than 4.5.14-22etch11
  • OR gforge-mta-postfix DPKG is earlier than 4.5.14-22etch11
  • OR gforge-mta-exim4 DPKG is earlier than 4.5.14-22etch11
  • OR gforge-shell-ldap DPKG is earlier than 4.5.14-22etch11
  • OR gforge-lists-mailman DPKG is earlier than 4.5.14-22etch11
  • OR gforge-web-apache DPKG is earlier than 4.5.14-22etch11
  • OR gforge-db-postgresql DPKG is earlier than 4.5.14-22etch11
  • OR gforge-ftp-proftpd DPKG is earlier than 4.5.14-22etch11
  • OR gforge-dns-bind9 DPKG is earlier than 4.5.14-22etch11