Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1698-1] New gforge packages fix SQL injection (1/2)

From Thijs Kinkhorst@1:229/2 to All on Fri Jan 9 09:10:09 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1698-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 09, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : gforge
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-2381

It was discovered that GForge, a collaborative development tool,
insufficiently sanitises some input allowing a remote attacker to
perform SQL injection.

For the stable distribution (etch), this problem has been fixed in
version 4.5.14-22etch10.

For the testing (lenny) and unstable distribution (sid), this problem
has been fixed in version 4.7~rc2-7.

We recommend that you upgrade your gforge package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
Size/MD5 checksum: 2161141 e85f82eff84ee073f80a2a52dd32c8a5
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9.diff.gz
Size/MD5 checksum: 199329 6414734bde3d1783cf0e2444132d64ff
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10.diff.gz
Size/MD5 checksum: 199610 73b60a0e768f798d14102b84e44cd9b1
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10.dsc
Size/MD5 checksum: 952 c2252c54ffade219203d006cdc64f91d
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9.dsc
Size/MD5 checksum: 950 157db49aeacbdbee525e922defce5f16

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10_all.deb
Size/MD5 checksum: 80422 a9b65d4e911add81e36120fbc544f81c
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch10_all.deb
Size/MD5 checksum: 705076 633d26be5fa1f2ade140c7da64fa6e6c
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch10_all.deb
Size/MD5 checksum: 103914 676482196214c4a12639a02521c53a7d
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch9_all.deb
Size/MD5 checksum: 212550 85b6f53b1e4a4ead87d775f11c77b49a
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch9_all.deb
Size/MD5 checksum: 705018 90f3187e48801bb2ec2db79378d2a591
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch9_all.deb
Size/MD5 checksum: 76138 243c034e04e560bda6c36bdc9dc7c507
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch10_all.deb
Size/MD5 checksum: 212632 096dd8f5c46723d1380f9a167d6bb376
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch9_all.deb
Size/MD5 checksum: 1010976 9e60171c74bc627e73e062c30e169d7e
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch10_all.deb
Size/MD5 checksum: 86194 8bb823343c71101fa959b45765b597b6
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch9_all.deb
Size/MD5 checksum: 87206 ece177d2a29bad7645fd3814903b2e8b
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch9_all.deb
Size/MD5 checksum: 88566 6739e7cb336746e32645ed46f940e39f
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch10_all.deb
Size/MD5 checksum: 1011010 516e5203afff464172b02ffd5c30a89e
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch9_all.deb
Size/MD5 checksum: 88670 8562b858d5e691eed636c51ac97575fe
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch10_all.deb
Size/MD5 checksum: 88650 ffb7e94dfcde242e63727afcbb5cf541
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9_all.deb
Size/MD5 checksum: 80324 a7a10e2bb6da8f71778d39885741d9d6
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch9_all.deb
Size/MD5 checksum: 89178 4e859efc65d23de82d8254476467a092
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch10_all.deb
Size/MD5 checksum: 76234 7c50c3c5583f68804979efd5adf2992a
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch9_all.deb
Size/MD5 checksum: 82138 3827dc51c27eeb10707339326e2af17c
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch9_all.deb
Size/MD5 checksum: 86392 ae8fc096931982372d6926e2633dbbd2
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch10_all.deb
Size/MD5 checksum: 89260 5508b317689cb6832109c3aed78cb58e
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch10_all.deb
Size/MD5 checksum: 95648 33598476706a7884652666ca2ca1af28
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch10_all.deb
Size/MD5 checksum: 86482 0508b738b4b48b9f0f60f732b1e91d74
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch9_all.deb
Size/MD5 checksum: 95592 1743291eb91467798186579f3aaf1d25
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch10_all.deb
Size/MD5 checksum: 87286 cda968a4ac1f7b4827fd3494334d31b6
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch9_all.deb
Size/MD5 checksum: 86104 e4ed2bb5eb3dd6571bf98ffbbe8042e6
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch10_all.deb
Size/MD5 checksum: 82230 e816404997ed010acc59c6662b483317

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet
- Michal Wronka
  Thu Jun 4 23:19:58 2026
  from Wroclaw, Poland via Telnet
- Michal Wronka
  Thu Jun 4 23:17:20 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	145:59:29
Calls:	12,089
Calls today:	2
Files:	15,000
Messages:	6,517,500

[SECURITY] [DSA 1698-1] New gforge packages fix SQL injection (1/2)

Who's Online

Recent Visitors

System Info