Package: gforge-plugin-scmcvs
Severity: grave
Version: 4.5.14-5
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was published for snoopy, which affects the embedded copy shipped by gforge-plugin-scmcvs [0].

CVE-2008-4796[1]:
> The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3
> and earlier allows remote attackers to execute arbitrary commands via
> shell metacharacters in https URLs. NOTE: some of these details are
> obtained from third party information.

The patch for a later version of Snoopy.class.php can be found at [2] which shouldn't be too hard to backport.

If you fix the vulnerability please also make sure to include the CVE id in the changelog entry.

[0] usr/lib/gforge/plugins/scmcvs/include/Snoopy.class
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4796
    http://security-tracker.debian.net/tracker/CVE-2008-4796
[2] http://klecker.debian.org/~white/libphp-snoopy/CVE-2008-4796.patch

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
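The CVE text above describes a URL reaching a shell command line with its metacharacters still active. As an added example (not part of the original report, not Snoopy's code and not the patch at [2]), this PHP code shows two general ways to hand a URL to an external client so that it arrives as one literal argument. The function names and the `CLIENT` constant are hypothetical, and `printf` stands in for the real HTTPS client so the script runs offline.

```php
<?php
// Added illustration, not Snoopy or gforge code. Function names are
// hypothetical; printf stands in for the external HTTPS client so the
// script runs offline on a Unix-like host (PHP 7.4+ for array proc_open).
const CLIENT = ['printf', '%s\n']; // assumed stand-in: client binary + fixed options

// Refuse anything that is not an absolute https URL before a process starts.
function require_https_url(string $url): string
{
    $parts = parse_url($url);
    if (!is_array($parts) || strtolower($parts['scheme'] ?? '') !== 'https'
        || ($parts['host'] ?? '') === '') {
        throw new InvalidArgumentException('not an absolute https URL');
    }
    return $url;
}

// Option 1: a shell is unavoidable. Every argument, the URL included, goes
// through escapeshellarg(), so the shell sees each one as a quoted literal.
function run_via_shell(string $url): string
{
    $argv = array_merge(CLIENT, [require_https_url($url)]);
    exec(implode(' ', array_map('escapeshellarg', $argv)), $lines);
    return implode("\n", $lines);
}

// Option 2: no shell at all. proc_open() with an array command starts the
// program directly, so there is nothing to interpret metacharacters.
function run_without_shell(string $url): string
{
    $argv = array_merge(CLIENT, [require_https_url($url)]);
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start client');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return rtrim($out, "\n");
}

// Constructed input: an https URL carrying shell metacharacters.
$url = 'https://example.invalid/a;echo INJECTED `echo INJECTED`';
// Both comparisons hold only if the client received the URL byte for byte.
var_dump(run_via_shell($url) === $url);
var_dump(run_without_shell($url) === $url);
```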