Debian Security Advisory

DSA-2633-1 fusionforge -- privilege escalation

Date Reported:
26 Feb 2013
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2013-1423.
More information:

Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.

For the stable distribution (squeeze), this problem has been fixed in version 5.0.2-5+squeeze2.

For the testing (wheezy) and unstable (sid) distribution, these problems will be fixed soon.

We recommend that you upgrade your fusionforge packages.