[SECURITY] [DTSA-57-1] New gforge packages fix sql injection
- Subject: [SECURITY] [DTSA-57-1] New gforge packages fix sql injection
- From: nion at debian.org (Nico Golde)
- Date: Fri, 7 Sep 2007 22:18:11 +0200
- Message-id: <[🔎] 20070907201811.GA8418@ngolde.de>
- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-57-1 September 9th, 2007
secure-testing-team at lists.alioth.debian.org Nico Golde
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------
Package : gforge
Vulnerability : sql injection
Problem-Scope : remote
Debian-specific: no
CVE ID : CVE-2007-3913
The gforge collaborative development environment is prone
to an SQL injection due to insufficient input sanitizing.
For the testing distribution (lenny) this is fixed in version
4.5.14-23lenny2
For the unstable distribution (sid) this is fixed in version
4.6.99+svn6086-1
This upgrade is recommended if you use gforge (gforge-web-apache).
Upgrade Instructions
- --------------------
To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free
To install the update, run this command as root:
apt-get update && apt-get upgrade
For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-announce/attachments/20070907/3549d3ed/attachment.pgp
Reply to: