From 5e365ca154b3c7601eef1b5102c799d84ffaa4e2 Mon Sep 17 00:00:00 2001 From: Nico Golde Date: Fri, 7 Sep 2007 20:42:11 +0000 Subject: releasing DTSA-57-1 git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6541 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/DTSA/list | 2 +- website/DTSA/DTSA-57-1.html | 90 +++++++++++++++++++++++++++++++++++++++++++++ website/list.html | 4 +- 3 files changed, 94 insertions(+), 2 deletions(-) create mode 100644 website/DTSA/DTSA-57-1.html diff --git a/data/DTSA/list b/data/DTSA/list index 4a27daa1cc..b63e20ea06 100644 --- a/data/DTSA/list +++ b/data/DTSA/list @@ -158,6 +158,6 @@ [September 4th, 2007] DTSA-56-1 zziplib - arbitrary code execution {CVE-2007-1614} [lenny] - zziplib 0.12.83-8lenny1 -[September 7th, 2007] DTSA-57-1 gforge - SQL injection +[September 9th, 2007] DTSA-57-1 gforge - sql injection {CVE-2007-3913} [lenny] - gforge 4.5.14-23lenny2 diff --git a/website/DTSA/DTSA-57-1.html b/website/DTSA/DTSA-57-1.html new file mode 100644 index 0000000000..4bf0028d23 --- /dev/null +++ b/website/DTSA/DTSA-57-1.html @@ -0,0 +1,90 @@ + + + Debian testing security team - Advisory + + + + +
+ + + + + Debian Project +
+
+ + + + + + + + + + + +
+ Debian testing security team - Advisory +
+ + +
+ + +

DTSA-57-1

+
+
Date Reported:
+
September 9, 2007
+
Affected Package:
+
gforge
+
Vulnerability:
+
sql injection
+
Problem-Scope:
+
remote
+
Debian-specific:
+
No
+
CVE:
+
+CVE-2007-3913 +
+
More information:
+
The gforge collaborative development environment is prone 
+to an SQL injection due to insufficient input sanitizing. 

+CVE-2007-3913 

+SQL injection vulnerability in Gforge before 3.1 allows 
+remote attackers to execute arbitrary SQL commands via 
+unspecified vectors. 
+
+
For the testing distribution (lenny) this is fixed in version 4.5.14-23lenny2
+
For the unstable distribution (sid) this is fixed in version 4.6.99+svn6086-1
+
This upgrade is recommended if you use gforge.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:
+ +
apt-get update && apt-get upgrade
+
+ +
+
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+
+
deb http://security.debian.org/ testing/updates main contrib non-free
+
deb-src http://security.debian.org/ testing/updates main contrib non-free
+
+ + +
+ + Valid HTML 4.01! + + Valid CSS! + + + + diff --git a/website/list.html b/website/list.html index a8353d1c8b..3d2023d3a8 100644 --- a/website/list.html +++ b/website/list.html @@ -143,8 +143,10 @@
arbitrary code execution
[August 31st, 2007] DTSA-55-1 centerim
arbitrary code execution
-
[September 4st, 2007] DTSA-56-1 zziplib
+
[September 4th, 2007] DTSA-56-1 zziplib
arbitrary code execution
+
[September 9th, 2007] DTSA-57-1 gforge
+
sql injection

-- cgit v1.2.3
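Review bot: In the data/DTSA/list hunk, the DTSA-57-1 entry moves from "September 7th" to "September 9th" although this commit is dated Fri, 7 Sep 2007; please confirm that the 9th is the intended release date. The same line also downcases "SQL injection" to "sql injection", while the advisory text added in this commit writes "SQL injection", so keeping the acronym uppercase here would be consistent.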
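Review bot: In the "More information" block of the new website/DTSA/DTSA-57-1.html, the quoted CVE-2007-3913 text says "Gforge before 3.1", but the fix is announced for 4.5.14-23lenny2 and 4.6.99+svn6086-1, so a reader comparing version numbers could conclude that the lenny package was never affected. Suggest adding one sentence that says the Debian packages are affected up to those fixed versions, so the advisory does not rely on the upstream version range alone.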
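Review bot: The website/list.html hunk bundles an unrelated correction of the DTSA-56-1 date ("September 4st" to "September 4th") with the new DTSA-57-1 entry, and the commit subject "releasing DTSA-57-1" does not mention it. Either split the ordinal fix into its own commit or name it in the message, so the history of the DTSA-56-1 entry stays traceable.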