CVE-2008-2381

Name	CVE-2008-2381
Source	CVE (at NVD; RH)
Description	SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.
References	DSA-1698-1
NVD severity	high
Debian/oldstable	not vulnerable
Debian/stable	not vulnerable
Debian/testing	not vulnerable
Debian/unstable	not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
gforge (PTS)	etch	4.5.14-22etch10	fixed
	etch (security)	4.5.14-22etch13	fixed
	lenny, lenny (security)	4.7~rc2-7lenny3	fixed
	squeeze	4.8.2-1	fixed
	sid	4.8.2-2	fixed
	experimental	4.8.55+svn8699-1	fixed

The next table lists affected binary packages.

Binary Package	Release	Version	Status	Architecures
gforge, gforge-common, gforge-db-postgresql, gforge-dns-bind9, gforge-ftp-proftpd, gforge-ldap-openldap, gforge-lists-mailman, gforge-mta-courier, gforge-mta-exim, gforge-mta-exim4, gforge-mta-postfix, gforge-shell-ldap, gforge-shell-postgresql, gforge-web-apache	etch	4.5.14-22etch10	fixed	all
	etch (security)	4.5.14-22etch13	fixed	all
gforge, gforge-common, gforge-db-postgresql, gforge-dns-bind9, gforge-ftp-proftpd, gforge-lists-mailman, gforge-mta-courier, gforge-mta-exim4, gforge-mta-postfix, gforge-plugin-contribtracker, gforge-plugin-extratabs, gforge-plugin-globalsearch, gforge-plugin-mediawiki, gforge-plugin-projectlabels, gforge-plugin-scmarch, gforge-plugin-scmbzr, gforge-plugin-scmcvs, gforge-plugin-scmdarcs, gforge-plugin-scmgit, gforge-plugin-scmhg, gforge-plugin-scmsvn, gforge-shell-postgresql, gforge-web-apache, gforge-web-apache2	experimental	4.8.55+svn8699-1	fixed	all
gforge, gforge-common, gforge-db-postgresql, gforge-dns-bind9, gforge-ftp-proftpd, gforge-lists-mailman, gforge-mta-courier, gforge-mta-exim4, gforge-mta-postfix, gforge-plugin-mediawiki, gforge-plugin-scmcvs, gforge-plugin-scmsvn, gforge-shell-postgresql, gforge-web-apache, gforge-web-apache2	lenny, lenny (security)	4.7~rc2-7lenny3	fixed	all
	squeeze	4.8.1-2	fixed	all
	squeeze	4.8.2-1	fixed	all
	sid	4.8.2-2	fixed	all

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
gforge	source	(unstable)	4.7~rc2-7	unknown
gforge	source	etch	4.5.14-22etch10	unknown	DSA-1698-1

Home - Testing Security Team - Debian Security - Imprint