Steve Kemp from the Debian Security Audit project discovered that gforge,
a collaborative development tool, used temporary files insecurely which
could allow local users to truncate files upon the system with the privileges
of the gforge user, or create a denial of service attack.
For the old stable distribution (sarge), this problem has been fixed in
version 3.1-31sarge4.
For the stable distribution (etch), this problem has been fixed in version
4.5.14-22etch3.
We recommend that you upgrade your gforge package.
CPE | Name | Operator | Version |
---|---|---|---|
gforge | eq | 4.5.14-22etch1 | |
gforge | eq | 4.5.14-22 | |
gforge | eq | 4.5.14-22etch2 |