Debian testing security team - Advisory
DTSA-57-1
Date Reported:
September 9, 2007
Affected Package:
gforge
Vulnerability:
sql injection
Problem-Scope:
remote
Debian-specific:
No
CVE:
CVE-2007-3913
More information:
The gforge collaborative development environment is prone
to an SQL injection due to insufficient input sanitizing.
CVE-2007-3913
SQL injection vulnerability in Gforge before 3.1 allows
remote attackers to execute arbitrary SQL commands via
unspecified vectors.
For the testing distribution (lenny) this is fixed in version 4.5.14-23lenny2
For the unstable distribution (sid) this is fixed in version 4.6.99+svn6086-1
This upgrade is recommended if you use gforge.
If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get upgrade
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free