Debian Security Advisory
DSA-2633-1 fusionforge -- privilege escalation
- Date Reported:
- 26 Feb 2013
- Affected Packages:
- fusionforge
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-1423.
- More information:
-
Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories.
For the stable distribution (squeeze), this problem has been fixed in version 5.0.2-5+squeeze2.
For the testing (wheezy) and unstable (sid) distribution, these problems will be fixed soon.
We recommend that you upgrade your fusionforge packages.