Security Information / 2013 / Security Information -- DSA-2633-1 fusionforge

Debian Security Advisory

DSA-2633-1 fusionforge -- privilege escalation

Date Reported:

26 Feb 2013

Affected Packages:

fusionforge

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2013-1423.

More information:

Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.

For the stable distribution (squeeze), this problem has been fixed in version 5.0.2-5+squeeze2.

For the testing (wheezy) and unstable (sid) distribution, these problems will be fixed soon.

We recommend that you upgrade your fusionforge packages.