DSA-1937-1
| Name | DSA-1937-1 |
| Source | Debian |
| Description | gforge - cross-site scripting |
| References | CVE-2009-3303 |
| Debian/oldstable | package gforge is fixed in oldstable-security. |
| Debian/stable | not vulnerable |
| Debian/testing | not known to be vulnerable |
| Debian/unstable | not known to be vulnerable. |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| gforge (PTS) | etch | 4.5.14-22etch10 | vulnerable |
| etch (security) | 4.5.14-22etch13 | fixed |
| lenny, lenny (security) | 4.7~rc2-7lenny3 | fixed |
The next table lists affected binary packages.
| Binary Package | Release | Version | Status | Architecures |
|---|
| gforge, gforge-common, gforge-db-postgresql, gforge-dns-bind9, gforge-ftp-proftpd, gforge-ldap-openldap, gforge-lists-mailman, gforge-mta-courier, gforge-mta-exim, gforge-mta-exim4, gforge-mta-postfix, gforge-shell-ldap, gforge-shell-postgresql, gforge-web-apache | etch | 4.5.14-22etch10 | vulnerable | all |
| etch (security) | 4.5.14-22etch13 | fixed | all |
| gforge, gforge-common, gforge-db-postgresql, gforge-dns-bind9, gforge-ftp-proftpd, gforge-lists-mailman, gforge-mta-courier, gforge-mta-exim4, gforge-mta-postfix, gforge-plugin-mediawiki, gforge-plugin-scmcvs, gforge-plugin-scmsvn, gforge-shell-postgresql, gforge-web-apache, gforge-web-apache2 | lenny, lenny (security) | 4.7~rc2-7lenny3 | fixed | all |
The information above is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| gforge | source | etch | 4.5.14-22etch12 | unknown | | |
| gforge | source | lenny | 4.7~rc2-7lenny2 | unknown | | |
Home - Testing Security Team - Debian Security - Imprint