Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3275-1] fusionforge security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3275-1] fusionforge security update


Chronologisch Thread 
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3275-1] fusionforge security update
  • Date: Sat, 30 May 2015 09:01:28 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Sat, 30 May 2015 09:01:46 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <FR731O17wmP.A.yqG.6xXaVB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3275-1 security AT debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
May 30, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : fusionforge
CVE ID : CVE-2015-0850

Ansgar Burchardt discovered that the Git plugin for FusionForge, a
web-based project-management and collaboration software, does not
sufficiently validate user provided input as parameter to the method to
create secondary Git repositories. A remote attacker can use this flaw
to execute arbitrary code as root via a specially crafted URL.

For the stable distribution (jessie), this problem has been fixed in
version 5.3.2+20141104-3+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your fusionforge packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVaXwVAAoJEAVMuPMTQ89E1WMQAIKNgu7rsz7hpSoz+Sp+3OWg
/XGK/hmY+0ksO5/eOGueZQlAOMxRVeINspD658FJ4GbvM8rwhIPE/rW7NyDh39uN
NtYgHLJDkwtYJ6o4Ubb5SapEoEMHtU7tOz1zyinncDzf/l3NmwoFhFt8ql0VQFFp
hDkx0Ovmz4efQWipKFCbC5jUBTAmNcOnghHIHLkr97SRKh4oHwWIbqUgEFbg+Zkk
hlQ6peYqBjqcdLlzt9ifFVaStaf/RH/onl5JDNHav2oystPtbCyfc5gT7efX1yeL
ZwTpIa1zkPyybqxJe74GBx9IdDkOjIrm3syW2NGBB98QixEuEuBCMcZrHJf+csQV
3prZbvJUevtoSOO4CpVa6733pt0jiM1irSIonICobujrxHi4WZ8eDcng5lg2nE7z
lroALjTcBkQwl02ptRy7aXM66fbLLvkxflI8Ti1hCuoUiLfSFNbbmGB6fB2GQq8f
uqZPqlFutBvwikPMUZXfo6o8JqzY7/hDK+K2FSgq2yJipaBWb2q4OOC+SkbN/51J
Wk+gOf0ZNj81lNCloGK6fX57BypzO1SOg55ZT1DsgDc4BogbQ/XrV66FRnFiZEaS
bhsS2JEuXELaRwQ1NtWI4beocTvcIyO8PTabw/pHkeJ9LOSyOhceTEGmdOLn0nsz
EuCeXkJfZ21JlExUXwEu
=hJMK
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: E1Yyce0-0006AC-OP AT master.debian.org">https://lists.debian.org/E1Yyce0-0006AC-OP AT master.debian.org




  • [IT-SecNots] [SECURITY] [DSA 3275-1] fusionforge security update, Salvatore Bonaccorso, 30.05.2015

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang