Информационная безопасность
[RU] switch to English


Дополнительная информация

  Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  Xloner v3.1.2 wordpress plugin authenticated command execution and XSS

  CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4

  AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability

  Symphony CMS 2.6.2

From:DEBIAN
Date:8 июня 2015 г.
Subject:[SECURITY] [DSA 3275-1] fusionforge security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3275-1                   [email protected]
http://www.debian.org/security/                      Salvatore Bonaccorso
May 30, 2015                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fusionforge
CVE ID         : CVE-2015-0850

Ansgar Burchardt discovered that the Git plugin for FusionForge, a
web-based project-management and collaboration software, does not
sufficiently validate user provided input as parameter to the method to
create secondary Git repositories. A remote attacker can use this flaw
to execute arbitrary code as root via a specially crafted URL.

For the stable distribution (jessie), this problem has been fixed in
version 5.3.2+20141104-3+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your fusionforge packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVaXwVAAoJEAVMuPMTQ89E1WMQAIKNgu7rsz7hpSoz+Sp+3OWg
/XGK/hmY+0ksO5/eOGueZQlAOMxRVeINspD658FJ4GbvM8rwhIPE/rW7NyDh39uN
NtYgHLJDkwtYJ6o4Ubb5SapEoEMHtU7tOz1zyinncDzf/l3NmwoFhFt8ql0VQFFp
hDkx0Ovmz4efQWipKFCbC5jUBTAmNcOnghHIHLkr97SRKh4oHwWIbqUgEFbg+Zkk
hlQ6peYqBjqcdLlzt9ifFVaStaf/RH/onl5JDNHav2oystPtbCyfc5gT7efX1yeL
ZwTpIa1zkPyybqxJe74GBx9IdDkOjIrm3syW2NGBB98QixEuEuBCMcZrHJf+csQV
3prZbvJUevtoSOO4CpVa6733pt0jiM1irSIonICobujrxHi4WZ8eDcng5lg2nE7z
lroALjTcBkQwl02ptRy7aXM66fbLLvkxflI8Ti1hCuoUiLfSFNbbmGB6fB2GQq8f
uqZPqlFutBvwikPMUZXfo6o8JqzY7/hDK+K2FSgq2yJipaBWb2q4OOC+SkbN/51J
Wk+gOf0ZNj81lNCloGK6fX57BypzO1SOg55ZT1DsgDc4BogbQ/XrV66FRnFiZEaS
bhsS2JEuXELaRwQ1NtWI4beocTvcIyO8PTabw/pHkeJ9LOSyOhceTEGmdOLn0nsz
EuCeXkJfZ21JlExUXwEu
=hJMK
-----END PGP SIGNATURE-----

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород