Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, schultmc@debian.org (Michael C. Schultheiss): Bug#325285; Package gallery.
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to security@debian.org, schultmc@debian.org (Michael C. Schultheiss).
From: schultmc@debian.org (Michael C. Schultheiss)
To: 325285-close@bugs.debian.org
Subject: Bug#325285: fixed in gallery 1.5-2
Date: Sat, 27 Aug 2005 11:32:06 -0700
Source: gallery
Source-Version: 1.5-2
We believe that the bug you reported is fixed in the latest version of
gallery, which is due to be installed in the Debian FTP archive:
gallery_1.5-2.diff.gz
  to pool/main/g/gallery/gallery_1.5-2.diff.gz
gallery_1.5-2.dsc
  to pool/main/g/gallery/gallery_1.5-2.dsc
gallery_1.5-2_all.deb
  to pool/main/g/gallery/gallery_1.5-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 325285@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael C. Schultheiss <schultmc@debian.org> (supplier of updated gallery package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 27 Aug 2005 17:21:56 +0000
Source: gallery
Binary: gallery
Architecture: source all
Version: 1.5-2
Distribution: unstable
Urgency: high
Maintainer: Michael C. Schultheiss <schultmc@debian.org>
Changed-By: Michael C. Schultheiss <schultmc@debian.org>
Description:
gallery - a web-based photo album written in php
Closes: 325285
Changes:
 gallery (1.5-2) unstable; urgency=high
 .
   * SECURITY:
     + Fix privilege escalation in Postnuke integration.
       References: CAN-2005-2596
     + Fix XSS issue in EXIF tag handling (Closes: #325285)
     + Fix two file exposure bugs in stats module.
Files:
4df56ea06229eda66637728516fd3472 577 web optional gallery_1.5-2.dsc
f31e1b99e4efe9f7caadd5c6ef278619 16730 web optional gallery_1.5-2.diff.gz
a6bdf76abb0d484137d67ad859582786 6570044 web optional gallery_1.5-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDEKzYyJBzD6P54w4RAsXSAJ0fjgXCwMZZM1jMPj7oVv2zTphluQCfQS8z
CvrsxyMlwtGVQpaCXUBPKsY=
=1oCc
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, schultmc@debian.org (Michael C. Schultheiss): Bug#325285; Package gallery.
Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to schultmc@debian.org (Michael C. Schultheiss).
This is just a note to check that stable is still vulnerable to the
exploits fixed in -2. I have added a found tag to this bug for sarge's
version - if that is wrong, please remove it and chastise me
appropriately :)
Take care,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
Bug marked as found in version 1.5-1.
Request was from Stephen Gran <sgran@debian.org>
to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org, schultmc@debian.org (Michael C. Schultheiss): Bug#325285; Package gallery.
Acknowledgement sent to Martin Lohmeier <martin@mein-horde.de>:
Extra info received and forwarded to list. Copy sent to schultmc@debian.org (Michael C. Schultheiss).
Hi,
I just noticed this bug and I'm asking if there is any process? Will
there be a fix for sarge?
bye, Martin
--
Powered by Debian GNU Linux
http://blog.mein-horde.de
Information forwarded to debian-bugs-dist@lists.debian.org, schultmc@debian.org (Michael C. Schultheiss): Bug#325285; Package gallery.
Acknowledgement sent to Michael Schultheiss <schultmc@debian.org>:
Extra info received and forwarded to list. Copy sent to schultmc@debian.org (Michael C. Schultheiss).
To: Martin Lohmeier <martin@mein-horde.de>, 325285@bugs.debian.org
Subject: Re: Bug#325285: any news on this bug?
Date: Thu, 29 Jun 2006 16:55:22 -0400
Martin Lohmeier wrote:
> I just noticed this bug and I'm asking if there is any process? Will
> there be a fix for sarge?
A patch has been provided to the Debian Security Team. I expect a DSA
will be released to cover this issue.
--
----------------------------
Michael Schultheiss
E-mail: schultmc@debian.org
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 26 Jun 2007 21:49:21 GMT)