Package: gforge Severity: grave Tags: security Justification: user security hole
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear gforge maintainer, GForge 3.x has directory traversal vulnerabilities because of lack about sanitisation in some scripts. You can see detail about vulnerability with PoC and workaround in this advisory http://www.securityfocus.com/archive/1/387850/2005-01-19/2005-01-25/0 - -- Regards, Hideki Yamane henrich @ samba.gr.jp/iijmio-mail.jp -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB8pO2Iu0hy8THJksRAhE8AJ4gntmdUoj0zApRAK6YfGvhsx7UtgCfXutm xg2AiEbs1UB7saoWJlNdBgA= =yAVX -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
