Oval Definition: oval:org.mitre.oval:def:13586
Revision Date: 2014-06-23
Version: 20
Title: DSA-1937-1 gforge -- insufficient input sanitising
Description: It was discovered that gforge, a collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Besides fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. For the stable distribution, these problems have been fixed in version 4.7~rc2-7lenny2. For the oldstable distribution, these problems have been fixed in version 4.5.14-22etch12. For the testing distribution and the unstable distribution, these problems have been fixed in version 4.8.1-3. We recommend that you upgrade your gforge packages.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2009-3303, DSA-1937-1
Platform(s): Debian GNU/Linux 4.0, Debian GNU/Linux 5.0
Product(s): gforge
Definition Synopsis
  • Release section
    • Debian GNU/Linux 5.0 is installed
    • AND Installed architecture is all
    • AND Packages section
      • gforge-mta-exim4 DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-mta-courier DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-plugin-scmcvs DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-common DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-plugin-scmsvn DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-web-apache2 DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-mta-postfix DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-shell-postgresql DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-lists-mailman DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-web-apache DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-db-postgresql DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-ftp-proftpd DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-plugin-mediawiki DPKG is earlier than 4.7~rc2-7lenny2
      • OR gforge-dns-bind9 DPKG is earlier than 4.7~rc2-7lenny2
  • OR Release section
    • Debian GNU/Linux 4.0 is installed
    • AND Installed architecture is all
    • AND Packages section
      • gforge-ldap-openldap DPKG is earlier than 4.5.14-22etch12
      • OR gforge-mta-exim4 DPKG is earlier than 4.5.14-22etch12
      • OR gforge-mta-courier DPKG is earlier than 4.5.14-22etch12
      • OR gforge-db-postgresql DPKG is earlier than 4.5.14-22etch12
      • OR gforge DPKG is earlier than 4.5.14-22etch12
      • OR gforge-common DPKG is earlier than 4.5.14-22etch12
      • OR gforge-mta-postfix DPKG is earlier than 4.5.14-22etch12
      • OR gforge-shell-postgresql DPKG is earlier than 4.5.14-22etch12
      • OR gforge-shell-ldap DPKG is earlier than 4.5.14-22etch12
      • OR gforge-lists-mailman DPKG is earlier than 4.5.14-22etch12
      • OR gforge-web-apache DPKG is earlier than 4.5.14-22etch12
      • OR gforge-mta-exim DPKG is earlier than 4.5.14-22etch12
      • OR gforge-ftp-proftpd DPKG is earlier than 4.5.14-22etch12
      • OR gforge-dns-bind9 DPKG is earlier than 4.5.14-22etch12