nion at alioth.debian.org
2007-Sep-07 20:22 UTC
[Secure-testing-commits] r6540 - data/DTSA/advs
Author: nion Date: 2007-09-07 20:22:20 +0000 (Fri, 07 Sep 2007) New Revision: 6540 Added: data/DTSA/advs/57-gforge.adv Removed: data/DTSA/advs/57.gforge.adv Log: wrong file name Copied: data/DTSA/advs/57-gforge.adv (from rev 6539, data/DTSA/advs/57.gforge.adv) ==================================================================--- data/DTSA/advs/57-gforge.adv (rev 0) +++ data/DTSA/advs/57-gforge.adv 2007-09-07 20:22:20 UTC (rev 6540) @@ -0,0 +1,20 @@ +source: gforge +date: September 9, 2007 +author: Nico Golde +vuln-type: sql injection +problem-scope: remote +debian-specifc: no +cve: CVE-2007-3913 +vendor-advisory: +testing-fix: 4.5.14-23lenny2 +sid-fix: 4.6.99+svn6086-1 +upgrade: apt-get upgrade + +The gforge collaborative development environment is prone +to an SQL injection due to insufficient input sanitizing. + +CVE-2007-3913 + +SQL injection vulnerability in Gforge before 3.1 allows +remote attackers to execute arbitrary SQL commands via +unspecified vectors. Deleted: data/DTSA/advs/57.gforge.adv ==================================================================--- data/DTSA/advs/57.gforge.adv 2007-09-07 20:16:13 UTC (rev 6539) +++ data/DTSA/advs/57.gforge.adv 2007-09-07 20:22:20 UTC (rev 6540) @@ -1,20 +0,0 @@ -source: gforge -date: September 9, 2007 -author: Nico Golde -vuln-type: sql injection -problem-scope: remote -debian-specifc: no -cve: CVE-2007-3913 -vendor-advisory: -testing-fix: 4.5.14-23lenny2 -sid-fix: 4.6.99+svn6086-1 -upgrade: apt-get upgrade - -The gforge collaborative development environment is prone -to an SQL injection due to insufficient input sanitizing. - -CVE-2007-3913 - -SQL injection vulnerability in Gforge before 3.1 allows -remote attackers to execute arbitrary SQL commands via -unspecified vectors.