Debian Security Advisory DSA 1389-2 (zoph) Network Vulnerability

Summary

The remote host is missing an update to zoph announced via advisory DSA 1389-2.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201389-2

Insight

It was discovered that zoph, a web based photo management system, performs insufficient input sanitising, which allows SQL injection. This is an updated advisory to make the update for oldstable (sarge) available, which had been uploaded to the wrong suite. For the oldstable distribution (sarge) this problem has been fixed in version 0.3.3-12sarge3. For the stable distribution (etch) this problem has been fixed in version 0.6-2.1etch1. For the unstable distribution (sid) this problem has been fixed in version 0.7.0.2-1. We recommend that you upgrade your zoph package.

Severity

Classification

CVE CVE-2007-3905
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 058-1 (exim)
Debian Security Advisory DSA 081-1 (w3m, w3m-ssl)
Debian Security Advisory DSA 076-1 (most)
Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)
Debian Security Advisory DSA 040-1 (slrn)

Take action and discover your vulnerabilities