Oval Definition:oval:org.mitre.oval:def:8100
Revision Date:2014-06-23
Version:18
Title:DSA-1818 gforge -- insufficient input sanitising
Description:Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):DSA-1818
Platform(s):Debian GNU/Linux 4.0, Debian GNU/Linux 5.0
Product(s):gforge
Definition Synopsis
  • Release section
    • Debian GNU/Linux 5.0 is installed
    • AND Installed architecture is all
    • AND Packages section
      • gforge-mta-courier is earlier than 4.7~rc2-7lenny1
      • OR gforge is earlier than 4.7~rc2-7lenny1
      • OR gforge-plugin-scmcvs is earlier than 4.7~rc2-7lenny1
      • OR gforge-common is earlier than 4.7~rc2-7lenny1
      • OR gforge-shell-postgresql is earlier than 4.7~rc2-7lenny1
      • OR gforge-plugin-scmsvn is earlier than 4.7~rc2-7lenny1
      • OR gforge-web-apache2 is earlier than 4.7~rc2-7lenny1
      • OR gforge-mta-postfix is earlier than 4.7~rc2-7lenny1
      • OR gforge-mta-exim4 is earlier than 4.7~rc2-7lenny1
      • OR gforge-lists-mailman is earlier than 4.7~rc2-7lenny1
      • OR gforge-web-apache is earlier than 4.7~rc2-7lenny1
      • OR gforge-db-postgresql is earlier than 4.7~rc2-7lenny1
      • OR gforge-ftp-proftpd is earlier than 4.7~rc2-7lenny1
      • OR gforge-plugin-mediawiki is earlier than 4.7~rc2-7lenny1
      • OR gforge-dns-bind9 is earlier than 4.7~rc2-7lenny1
  • OR Release section
    • Debian GNU/Linux 4.0 is installed
    • AND Installed architecture is all
    • AND Packages section
      • gforge-ldap-openldap is earlier than 4.5.14-22etch11
      • OR gforge-mta-courier is earlier than 4.5.14-22etch11
      • OR gforge-mta-exim is earlier than 4.5.14-22etch11
      • OR gforge is earlier than 4.5.14-22etch11
      • OR gforge-common is earlier than 4.5.14-22etch11
      • OR gforge-shell-postgresql is earlier than 4.5.14-22etch11
      • OR gforge-mta-postfix is earlier than 4.5.14-22etch11
      • OR gforge-mta-exim4 is earlier than 4.5.14-22etch11
      • OR gforge-shell-ldap is earlier than 4.5.14-22etch11
      • OR gforge-lists-mailman is earlier than 4.5.14-22etch11
      • OR gforge-web-apache is earlier than 4.5.14-22etch11
      • OR gforge-db-postgresql is earlier than 4.5.14-22etch11
      • OR gforge-ftp-proftpd is earlier than 4.5.14-22etch11
      • OR gforge-dns-bind9 is earlier than 4.5.14-22etch11