[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-1754-1 roundup -- insufficient access checks

ID: oval:org.secpod.oval:def:600428Date: (C)2011-05-13   (M)2022-10-10
Class: PATCHFamily: unix




It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights. This update introduces stricter access checks, actually enforcing the configured permissions and roles. This means that the configuration may need updating. In addition, user registration via the web interface has been disabled; use the program "roundup-admin" from the command line instead. For the old stable distribution , this problem has been fixed in version 1.2.1-10+etch1. For the stable distribution , this problem has been fixed in version 1.4.4-4+lenny1. We recommend that you upgrade your roundup package.

Platform:
Debian 5.0
Debian 4.0
Product:
roundup
Reference:
DSA-1754-1
CVE-2009-2737
CVE    1
CVE-2009-2737
CPE    2
cpe:/o:debian:debian_linux:4.0
cpe:/o:debian:debian_linux:5.0

© SecPod Technologies