gallery2 2.2.4-1ubuntu0.1 source package in Ubuntu


gallery2 (2.2.4-1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting, information disclosure,
    and restriction bypass vulnerabilities (LP: #242671), and arbitrary code
    execution (LP: #202422)
    - lib/smarty/plugins/modifier.regex_replace.php: Don't look past a NULL in
      the search string. Fixes possible arbitrary code execution. Patch from
      smarty upstream.
    - modules/core/ Flatten the contents of ZIP archives if they
      are being uploaded by a user without subalbum privileges. Patch from
      upstream svn.
    - modules/core/classes/GalleryUrlGenerator.class,
      Properly remove illegal characters from URLs. Patch from upstream svn.
    - modules/core/classes/Gallery{Embed,PhpVm}.class: More thoroughly verify
      that the remote address isn't being spoofed. Patch from upstream svn.
    - modules/password/ Only allow password protection of
      items already password protected or albums, as single items cannot
      reliably be password protected. Patch from upstream svn.
    - modules/albumselect/ Add session permissions to keys for
      the album list cache, to avoid hidden album disclosure. Patch from
      upstream svn.
    - */MANIFEST: Drop modified files to please the browser-based installer.
    - References:
      + CVE-2008-1066
      + CVE-2008-2720
      + CVE-2008-2721
      + CVE-2008-2722
      + CVE-2008-2723
      + CVE-2008-2724

 -- William Grant <email address hidden>   Wed, 25 Jun 2008 13:47:58 +1000

Upload details

Uploaded by: William Grant on 2008-09-09
Uploaded to:
Original maintainer: Michael Schultheiss
Low Urgency


Hardy: [FULLYBUILT] i386


File Size SHA-256 Checksum
gallery2_2.2.4.orig.tar.gz 11.4 MiB bc7eb368b26d31e65d9a11439483186a799bc9d21dfa33c48591e4cb0ca7f9a4
gallery2_2.2.4-1ubuntu0.1.diff.gz 26.5 KiB cbc242ffd005c2aa5d39b25698713a64b2f6834b0335096b8b2bc2d845c73157
gallery2_2.2.4-1ubuntu0.1.dsc 625 bytes 84080c7cb7f8a83d03e4d1217fa056a76e81eff2fd284c55c2816574297fbc46

Binary packages built by this source

gallery2: No summary available for gallery2 in ubuntu hardy.

No description available for gallery2 in ubuntu hardy.