Version in base suite: 3.1-31sarge4 Version in overlay suite: 3.1-31sarge5 Base version: gforge_3.1-31sarge4 Target version: gforge_3.1-31sarge5 Base file: /org/ftp.debian.org/ftp/pool/main/g/gforge/gforge_3.1-31sarge4.dsc Target file: /org/ftp.debian.org/ftp/pool/main/g/gforge/gforge_3.1-31sarge5.dsc diff -u gforge-3.1/www/export/rss_sfnewreleases.php gforge-3.1/www/export/rss_sfnewreleases.php --- gforge-3.1/www/export/rss_sfnewreleases.php +++ gforge-3.1/www/export/rss_sfnewreleases.php @@ -20,6 +20,9 @@ '; +if (!is_numeric ($limit)) { + $limit = 0 ; +} // ## default limit if (!$limit) $limit = 10; if ($limit > 100) $limit = 100; diff -u gforge-3.1/www/export/rss_sfprojects.php gforge-3.1/www/export/rss_sfprojects.php --- gforge-3.1/www/export/rss_sfprojects.php +++ gforge-3.1/www/export/rss_sfprojects.php @@ -20,6 +20,9 @@ '; +if (!is_numeric ($limit)) { + $limit = 0 ; +} $res = db_query(" SELECT group_id, diff -u gforge-3.1/www/export/rss_sfnews.php gforge-3.1/www/export/rss_sfnews.php --- gforge-3.1/www/export/rss_sfnews.php +++ gforge-3.1/www/export/rss_sfnews.php @@ -20,6 +20,13 @@ '; + +if (!is_numeric ($limit)) { + $limit = 0 ; +} +if (!is_numeric ($group_id)) { + $group_id = 0 ; +} // ## default limit if (!$limit) $limit = 10; if ($limit > 100) $limit = 100; diff -u gforge-3.1/debian/changelog gforge-3.1/debian/changelog --- gforge-3.1/debian/changelog +++ gforge-3.1/debian/changelog @@ -1,3 +1,10 @@ +gforge (3.1-31sarge5) oldstable-security; urgency=high + + * Fixed SQL injection vulnerability due to insufficient input sanitizing + (CVE-2008-0173). + + -- Roland Mas Wed, 09 Jan 2008 18:31:35 +0100 + gforge (3.1-31sarge4) oldstable-security; urgency=high * Fixed file truncation vulnerabilities (CVE-2007-3921) (this version of