----------------------------------------------------------------------

Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?

Click here to learn more:
http://secunia.com/advisories/business_solutions/

----------------------------------------------------------------------

TITLE:
Debian update for gforge

SECUNIA ADVISORY ID:
SA33499

VERIFY ADVISORY:
http://secunia.com/advisories/33499/

CRITICAL:
Less critical

IMPACT:
Manipulation of data

WHERE:
>From remote

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/advisories/product/13844/
Debian GNU/Linux unstable alias sid
http://secunia.com/advisories/product/530/

DESCRIPTION:
Debian has issued an update for gforge. This fixes a vulnerability,
which can be exploited by malicious users to conduct SQL injection
attacks.

For more information:
SA33229

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --

Source archives:

http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
Size/MD5 checksum: 2161141 e85f82eff84ee073f80a2a52dd32c8a5
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9.diff.gz
Size/MD5 checksum: 199329 6414734bde3d1783cf0e2444132d64ff
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10.diff.gz
Size/MD5 checksum: 199610 73b60a0e768f798d14102b84e44cd9b1
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10.dsc
Size/MD5 checksum: 952 c2252c54ffade219203d006cdc64f91d
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9.dsc
Size/MD5 checksum: 950 157db49aeacbdbee525e922defce5f16

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10_all.deb
Size/MD5 checksum: 80422 a9b65d4e911add81e36120fbc544f81c
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch10_all.deb
Size/MD5 checksum: 705076 633d26be5fa1f2ade140c7da64fa6e6c
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch10_all.deb
Size/MD5 checksum: 103914 676482196214c4a12639a02521c53a7d
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch9_all.deb
Size/MD5 checksum: 212550 85b6f53b1e4a4ead87d775f11c77b49a
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch9_all.deb
Size/MD5 checksum: 705018 90f3187e48801bb2ec2db79378d2a591
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch9_all.deb
Size/MD5 checksum: 76138 243c034e04e560bda6c36bdc9dc7c507
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch10_all.deb
Size/MD5 checksum: 212632 096dd8f5c46723d1380f9a167d6bb376
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch9_all.deb
Size/MD5 checksum: 1010976 9e60171c74bc627e73e062c30e169d7e
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch10_all.deb
Size/MD5 checksum: 86194 8bb823343c71101fa959b45765b597b6
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch9_all.deb
Size/MD5 checksum: 87206 ece177d2a29bad7645fd3814903b2e8b
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch9_all.deb
Size/MD5 checksum: 88566 6739e7cb336746e32645ed46f940e39f
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch10_all.deb
Size/MD5 checksum: 1011010 516e5203afff464172b02ffd5c30a89e
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch9_all.deb
Size/MD5 checksum: 88670 8562b858d5e691eed636c51ac97575fe
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch10_all.deb
Size/MD5 checksum: 88650 ffb7e94dfcde242e63727afcbb5cf541
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch9_all.deb
Size/MD5 checksum: 80324 a7a10e2bb6da8f71778d39885741d9d6
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch9_all.deb
Size/MD5 checksum: 89178 4e859efc65d23de82d8254476467a092
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch10_all.deb
Size/MD5 checksum: 76234 7c50c3c5583f68804979efd5adf2992a
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch9_all.deb
Size/MD5 checksum: 82138 3827dc51c27eeb10707339326e2af17c
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch9_all.deb
Size/MD5 checksum: 86392 ae8fc096931982372d6926e2633dbbd2
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch10_all.deb
Size/MD5 checksum: 89260 5508b317689cb6832109c3aed78cb58e
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch10_all.deb
Size/MD5 checksum: 95648 33598476706a7884652666ca2ca1af28
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch10_all.deb
Size/MD5 checksum: 86482 0508b738b4b48b9f0f60f732b1e91d74
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch9_all.deb
Size/MD5 checksum: 95592 1743291eb91467798186579f3aaf1d25
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch10_all.deb
Size/MD5 checksum: 87286 cda968a4ac1f7b4827fd3494334d31b6
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch9_all.deb
Size/MD5 checksum: 86104 e4ed2bb5eb3dd6571bf98ffbbe8042e6
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch10_all.deb
Size/MD5 checksum: 82230 e816404997ed010acc59c6662b483317
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch9_all.deb
Size/MD5 checksum: 103826 abd5c30fc9a5b6f8c5beb50056333688
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch10_all.deb
Size/MD5 checksum: 88752 579a75816591e7c458ad57dbf3c3b32f

-- Debian GNU/Linux unstable alias sid --

Fixed in version 4.7~rc2-7.

ORIGINAL ADVISORY:
DSA-1698-1:
http://lists.debian.org/debian-security-announce/2009/msg00005.html

OTHER REFERENCES:
SA33229:
http://secunia.com/advisories/33229/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------