Lucene search

K
osvGoogleOSV:DSA-1937-1
HistoryNov 21, 2009 - 12:00 a.m.

gforge - cross-site scripting

2009-11-2100:00:00
Google
osv.dev
6

It was discovered that gforge, collaborative development tool, is prone
to a cross-site scripting attack via the helpname parameter. Beside
fixing this issue, the update also introduces some additional input
sanitising. However, there are no known attack vectors.

The oldstable distribution (etch), these problems have been fixed in
version 4.5.14-22etch12.

For the stable distribution (lenny), these problem have been fixed in
version 4.7~rc2-7lenny2.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 4.8.1-3.

We recommend that you upgrade your gforge packages.

CPENameOperatorVersion
gforgeeq4.7~rc2-7
gforgeeq4.7~rc2-7lenny1