Debian Project

Debian testing security team - Advisory

DTSA-57-1

Date Reported:
September 9, 2007
Affected Package:
gforge
Vulnerability:
sql injection
Problem-Scope:
remote
Debian-specific:
No
CVE:
CVE-2007-3913

More information:
The gforge collaborative development environment is prone 
to an SQL injection due to insufficient input sanitizing. 
 
CVE-2007-3913 
 
SQL injection vulnerability in Gforge before 3.1 allows 
remote attackers to execute arbitrary SQL commands via 
unspecified vectors. 

For the testing distribution (lenny) this is fixed in version 4.5.14-23lenny2
For the unstable distribution (sid) this is fixed in version 4.6.99+svn6086-1

This upgrade is recommended if you use gforge.

If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get upgrade


To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free


Valid HTML 4.01! Valid CSS!