Debian Security Advisory 3275-1

Debian Security Advisory 3275-1: Posted Jun 1, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3275-1 - Ansgar Burchardt discovered that the Git plugin for FusionForge, a web-based project-management and collaboration software, does not sufficiently validate user provided input as parameter to the method to create secondary Git repositories. A remote attacker can use this flaw to execute arbitrary code as root via a specially crafted URL.; tags | advisory, remote, web, arbitrary, root; systems | linux, debian; advisories | CVE-2015-0850; SHA-256 | c184c6b561b6fcd2eb432f1f2aae55189e31682b9df00a55e0e0d5e60ae381c2; Download | Favorite | View

Debian Security Advisory 3275-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3275-1                   security@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
May 30, 2015                           http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : fusionforge
CVE ID         : CVE-2015-0850

Ansgar Burchardt discovered that the Git plugin for FusionForge, a
web-based project-management and collaboration software, does not
sufficiently validate user provided input as parameter to the method to
create secondary Git repositories. A remote attacker can use this flaw
to execute arbitrary code as root via a specially crafted URL.

For the stable distribution (jessie), this problem has been fixed in
version 5.3.2+20141104-3+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your fusionforge packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVaXwVAAoJEAVMuPMTQ89E1WMQAIKNgu7rsz7hpSoz+Sp+3OWg
/XGK/hmY+0ksO5/eOGueZQlAOMxRVeINspD658FJ4GbvM8rwhIPE/rW7NyDh39uN
NtYgHLJDkwtYJ6o4Ubb5SapEoEMHtU7tOz1zyinncDzf/l3NmwoFhFt8ql0VQFFp
hDkx0Ovmz4efQWipKFCbC5jUBTAmNcOnghHIHLkr97SRKh4oHwWIbqUgEFbg+Zkk
hlQ6peYqBjqcdLlzt9ifFVaStaf/RH/onl5JDNHav2oystPtbCyfc5gT7efX1yeL
ZwTpIa1zkPyybqxJe74GBx9IdDkOjIrm3syW2NGBB98QixEuEuBCMcZrHJf+csQV
3prZbvJUevtoSOO4CpVa6733pt0jiM1irSIonICobujrxHi4WZ8eDcng5lg2nE7z
lroALjTcBkQwl02ptRy7aXM66fbLLvkxflI8Ti1hCuoUiLfSFNbbmGB6fB2GQq8f
uqZPqlFutBvwikPMUZXfo6o8JqzY7/hDK+K2FSgq2yJipaBWb2q4OOC+SkbN/51J
Wk+gOf0ZNj81lNCloGK6fX57BypzO1SOg55ZT1DsgDc4BogbQ/XrV66FRnFiZEaS
bhsS2JEuXELaRwQ1NtWI4beocTvcIyO8PTabw/pHkeJ9LOSyOhceTEGmdOLn0nsz
EuCeXkJfZ21JlExUXwEu
=hJMK
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Debian Security Advisory 3275-1

Debian Security Advisory 3275-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 3275-1

Share This

Debian Security Advisory 3275-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems