Oval Definition: oval:org.mitre.oval:def:8066
Revision Date: 2014-06-23
Version: 18
Title: DSA-1937 gforge -- insufficient input sanitising
Description: It was discovered that gforge, a collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Besides fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. In the oldstable distribution (etch), these problems have been fixed in version 4.5.14-22etch12.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2009-3303, DSA-1937
Platform(s): Debian GNU/Linux 4.0, Debian GNU/Linux 5.0
Product(s): gforge
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Installed architecture is all
  • AND Packages section
  • gforge-mta-courier is earlier than 4.7~rc2-7lenny2
  • OR gforge is earlier than 4.7~rc2-7lenny2
  • OR gforge-plugin-scmcvs is earlier than 4.7~rc2-7lenny2
  • OR gforge-common is earlier than 4.7~rc2-7lenny2
  • OR gforge-shell-postgresql is earlier than 4.7~rc2-7lenny2
  • OR gforge-plugin-scmsvn is earlier than 4.7~rc2-7lenny2
  • OR gforge-web-apache2 is earlier than 4.7~rc2-7lenny2
  • OR gforge-mta-postfix is earlier than 4.7~rc2-7lenny2
  • OR gforge-mta-exim4 is earlier than 4.7~rc2-7lenny2
  • OR gforge-lists-mailman is earlier than 4.7~rc2-7lenny2
  • OR gforge-web-apache is earlier than 4.7~rc2-7lenny2
  • OR gforge-db-postgresql is earlier than 4.7~rc2-7lenny2
  • OR gforge-ftp-proftpd is earlier than 4.7~rc2-7lenny2
  • OR gforge-plugin-mediawiki is earlier than 4.7~rc2-7lenny2
  • OR gforge-dns-bind9 is earlier than 4.7~rc2-7lenny2
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Installed architecture is all
  • AND Packages section
  • gforge-ldap-openldap is earlier than 4.5.14-22etch12
  • OR gforge-mta-exim4 is earlier than 4.5.14-22etch12
  • OR gforge-mta-courier is earlier than 4.5.14-22etch12
  • OR gforge-db-postgresql is earlier than 4.5.14-22etch12
  • OR gforge is earlier than 4.5.14-22etch12
  • OR gforge-common is earlier than 4.5.14-22etch12
  • OR gforge-mta-postfix is earlier than 4.5.14-22etch12
  • OR gforge-shell-postgresql is earlier than 4.5.14-22etch12
  • OR gforge-shell-ldap is earlier than 4.5.14-22etch12
  • OR gforge-lists-mailman is earlier than 4.5.14-22etch12
  • OR gforge-web-apache is earlier than 4.5.14-22etch12
  • OR gforge-mta-exim is earlier than 4.5.14-22etch12
  • OR gforge-ftp-proftpd is earlier than 4.5.14-22etch12
  • OR gforge-dns-bind9 is earlier than 4.5.14-22etch12