Debian Bug report logs - #325285
gallery: XSS in EXIF tag handling

Package: gallery; Maintainer for gallery is Michael C. Schultheiss <schultmc@debian.org>; Source for gallery is src:gallery.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Sat, 27 Aug 2005 10:48:04 UTC

Severity: grave

Tags: security

Found in version gallery/1.5-1

Fixed in version gallery/1.5-2

Done: schultmc@debian.org (Michael C. Schultheiss)

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, schultmc@debian.org (Michael C. Schultheiss):
Bug#325285; Package gallery.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to security@debian.org, schultmc@debian.org (Michael C. Schultheiss).

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gallery: XSS in EXIF tag handling
Date: Sat, 27 Aug 2005 12:36:01 +0200
Package: gallery
Severity: grave
Tags: security
Justification: user security hole

gallery doesn't sanitize EXIF tags when displaying them. Please
see http://cedri.cc/advisories/EXIF_XSS.txt for more information.

gallery2 might be affected as well.

Cheers,
        Moritz
-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
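
The report above says only that EXIF values reach the page unsanitized. As an added illustration (not code from gallery, the referenced advisory, or the Debian patch), this PHP example renders image metadata once as-is and once escaped at output time; the function names and the sample tag values are constructed for the example.

```php
<?php
// Constructed sample: EXIF fields as a metadata reader might return them for
// an uploaded image. Every value comes from the file, so it is untrusted.
$exif = [
    'Make'             => 'ExampleCam',
    'Model'            => 'X100 <b>bold</b>',
    'ImageDescription' => '<script>alert(1)</script>',
    'Artist'           => "Caf\xE9",             // ISO-8859-1 byte, invalid as UTF-8
    'Thumbnail'        => ['Width' => 160],      // some readers return nested arrays
];

// Unsafe pattern (hypothetical helper): values are placed into markup as-is,
// so markup stored in a tag becomes part of the page.
function render_exif_unsafe(array $exif): string
{
    $rows = '';
    foreach ($exif as $tag => $value) {
        if (is_scalar($value)) {
            $rows .= "<tr><td>$tag</td><td>$value</td></tr>\n";
        }
    }
    return "<table>\n$rows</table>\n";
}

// Hardened form (hypothetical helper): escape tag name and value for the HTML
// context at the point of output.
function render_exif_safe(array $exif): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $rows = '';
    foreach ($exif as $tag => $value) {
        if (!is_scalar($value)) {
            continue; // show plain values only
        }
        // ENT_SUBSTITUTE replaces invalid byte sequences with U+FFFD; without
        // it htmlspecialchars() returns an empty string for such input.
        $t = htmlspecialchars((string) $tag, $flags, 'UTF-8');
        $v = htmlspecialchars((string) $value, $flags, 'UTF-8');
        $rows .= "<tr><td>$t</td><td>$v</td></tr>\n";
    }
    return "<table>\n$rows</table>\n";
}

echo render_exif_unsafe($exif);
echo render_exif_safe($exif);
```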



Reply sent to schultmc@debian.org (Michael C. Schultheiss):
You have taken responsibility.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.

Message #10 received at 325285-close@bugs.debian.org:

From: schultmc@debian.org (Michael C. Schultheiss)
To: 325285-close@bugs.debian.org
Subject: Bug#325285: fixed in gallery 1.5-2
Date: Sat, 27 Aug 2005 11:32:06 -0700
Source: gallery
Source-Version: 1.5-2

We believe that the bug you reported is fixed in the latest version of
gallery, which is due to be installed in the Debian FTP archive:

gallery_1.5-2.diff.gz
  to pool/main/g/gallery/gallery_1.5-2.diff.gz
gallery_1.5-2.dsc
  to pool/main/g/gallery/gallery_1.5-2.dsc
gallery_1.5-2_all.deb
  to pool/main/g/gallery/gallery_1.5-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 325285@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael C. Schultheiss <schultmc@debian.org> (supplier of updated gallery package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 27 Aug 2005 17:21:56 +0000
Source: gallery
Binary: gallery
Architecture: source all
Version: 1.5-2
Distribution: unstable
Urgency: high
Maintainer: Michael C. Schultheiss <schultmc@debian.org>
Changed-By: Michael C. Schultheiss <schultmc@debian.org>
Description: 
 gallery    - a web-based photo album written in php
Closes: 325285
Changes: 
 gallery (1.5-2) unstable; urgency=high
 .
   * SECURITY:
     + Fix privilege escalation in Postnuke integration.
       References: CAN-2005-2596
     + Fix XSS issue in EXIF tag handling (Closes: #325285)
     + Fix two file exposure bugs in stats module.
Files: 
 4df56ea06229eda66637728516fd3472 577 web optional gallery_1.5-2.dsc
 f31e1b99e4efe9f7caadd5c6ef278619 16730 web optional gallery_1.5-2.diff.gz
 a6bdf76abb0d484137d67ad859582786 6570044 web optional gallery_1.5-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDEKzYyJBzD6P54w4RAsXSAJ0fjgXCwMZZM1jMPj7oVv2zTphluQCfQS8z
CvrsxyMlwtGVQpaCXUBPKsY=
=1oCc
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, schultmc@debian.org (Michael C. Schultheiss):
Bug#325285; Package gallery.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to schultmc@debian.org (Michael C. Schultheiss).

Message #15 received at 325285@bugs.debian.org:

From: Stephen Gran <sgran@debian.org>
To: 325285@bugs.debian.org
Subject: stable is still vulnerable
Date: Mon, 12 Sep 2005 08:31:05 +0100
This is just a note to check that stable is still vulnerable to the
exploits fixed in -2.  I have added a found tag to this bug for sarge's
version - if that is wrong, please remove it and chastise me
appropriately :)

Take care,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

Bug marked as found in version 1.5-1. Request was from Stephen Gran <sgran@debian.org> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, schultmc@debian.org (Michael C. Schultheiss):
Bug#325285; Package gallery.

Acknowledgement sent to Martin Lohmeier <martin@mein-horde.de>:
Extra info received and forwarded to list. Copy sent to schultmc@debian.org (Michael C. Schultheiss).

Message #22 received at 325285@bugs.debian.org:

From: Martin Lohmeier <martin@mein-horde.de>
To: 325285@bugs.debian.org
Subject: any news on this bug?
Date: Thu, 29 Jun 2006 22:11:46 +0200
Hi,

I just noticed this bug and I'm asking if there is any process? Will
there be a fix for sarge?

bye, Martin
-- 

Powered by Debian GNU Linux

http://blog.mein-horde.de

Information forwarded to debian-bugs-dist@lists.debian.org, schultmc@debian.org (Michael C. Schultheiss):
Bug#325285; Package gallery.

Acknowledgement sent to Michael Schultheiss <schultmc@debian.org>:
Extra info received and forwarded to list. Copy sent to schultmc@debian.org (Michael C. Schultheiss).

Message #27 received at 325285@bugs.debian.org:

From: Michael Schultheiss <schultmc@debian.org>
To: Martin Lohmeier <martin@mein-horde.de>, 325285@bugs.debian.org
Subject: Re: Bug#325285: any news on this bug?
Date: Thu, 29 Jun 2006 16:55:22 -0400
Martin Lohmeier wrote:
> I just noticed this bug and I'm asking if there is any process? Will
> there be a fix for sarge?

A patch has been provided to the Debian Security Team.  I expect a DSA
will be released to cover this issue.

-- 
----------------------------
Michael Schultheiss
E-mail: schultmc@debian.org



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 21:49:21 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 11:04:43 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.