Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2008-0173

It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports. For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge5. For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch4. For the unstable distribution (sid), this problem has been fixed in version 4.6.99+svn6330-1. We recommend that you upgrade your gforge packages.

Source

Debian Security Advisory

DSA-1459-1 gforge -- insufficient input validation

Date Reported:

13 Jan 2008

Affected Packages:

gforge

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2008-0173.

More information:

It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.

For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge5.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch4.

For the unstable distribution (sid), this problem has been fixed in version 4.6.99+svn6330-1.

We recommend that you upgrade your gforge packages.

Fixed in:

Debian GNU/Linux 3.1 (oldstable)

Source:: http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5.diff.gz; http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz; http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5.dsc
Architecture-independent component:: http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge5_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge5_all.deb

Debian GNU/Linux 4.0 (stable)

Source:: http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz; http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4.diff.gz; http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4.dsc
Architecture-independent component:: http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch4_all.deb; http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch4_all.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

DSA-1459-1 gforge -- insufficient input validation

Debian Security Advisory

DSA-1459-1 gforge -- insufficient input validation

Debian GNU/Linux 3.1 (oldstable)

Debian GNU/Linux 4.0 (stable)

Vulmon Search

About

Products

Connect