Change logs for gallery2 source package in Hardy

  • gallery2 (2.2.4-1ubuntu0.1) hardy-security; urgency=low
      * SECURITY UPDATE: multiple cross-site scripting, information disclosure,
        and restriction bypass vulnerabilities (LP: #242671), and arbitrary code
        execution (LP: #202422)
        - lib/smarty/plugins/modifier.regex_replace.php: Don't look past a NULL in
          the search string. Fixes possible arbitrary code execution. Patch from
          smarty upstream.
        - modules/core/ Flatten the contents of ZIP archives if they
          are being uploaded by a user without subalbum privileges. Patch from
          upstream svn.
        - modules/core/classes/GalleryUrlGenerator.class,
          Properly remove illegal characters from URLs. Patch from upstream svn.
        - modules/core/classes/Gallery{Embed,PhpVm}.class: More thoroughly verify
          that the remote address isn't being spoofed. Patch from upstream svn.
        - modules/password/ Only allow password protection of
          items already password protected or albums, as single items cannot
          reliably be password protected. Patch from upstream svn.
        - modules/albumselect/ Add session permissions to keys for
          the album list cache, to avoid hidden album disclosure. Patch from
          upstream svn.
        - */MANIFEST: Drop modified files to please the browser-based installer.
        - References:
          + CVE-2008-1066
          + CVE-2008-2720
          + CVE-2008-2721
          + CVE-2008-2722
          + CVE-2008-2723
          + CVE-2008-2724
     -- William Grant <email address hidden>   Wed, 25 Jun 2008 13:47:58 +1000
  • gallery2 (2.2.4-1) unstable; urgency=high
      * New upstream release (Urgency high due to security fixes.
        Closes: #457644)
      * debian/control: 
        + Update Standards-Version (No changes needed)
        + Add Homepage field, remove Homepage from Description
      * debian/rules: No longer set DH_COMPAT (use debian/compat instead)
     -- Michael Bienia <email address hidden>   Fri,  04 Jan 2008 10:02:58 +0000
  • gallery2 (2.2.3-2) unstable; urgency=low
      * Add Slovak translation of Debconf templates.  (Thanks to 
        Ivan Masá.  Closes: #441671)
    gallery2 (2.2.3-1) unstable; urgency=medium
      * New upstream release (Closes: #432930, #440189)
        + Urgency medium due to security fixes (CVE-2007-4650)
        + Switch to full upstream tarball rather than developer upstream tarball
          (Closes: #325104)
        + Allow + in valid email regexp (Closes: #429542)
      * Add Brazilian Portuguese translation of debconf templates.  (Thanks to
        Beraldo Leal.  Closes: #440076)
      * debian/control: prefer apache2 over apache, php5 over php4
     -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  23 Oct 2007 16:14:32 +0100
  • gallery2 (2.2.1-3) unstable; urgency=high
      * Urgency high due to RC bug.
      * debian/gallery2.postrm: Add conditional block around
        sourcing.  (Thanks to Matthew Johnson.  Closes: #416749)
      * Add Spanish translation of debconf templates.  (Thanks to Rudy Godoy.
        Closes: #423680)
     -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  14 Jun 2007 08:53:22 +0100