Bug#: 144379
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Coran <coran.fisher@gmail.com>

Description:   Opened: 2006-08-18 23:08 0000
request 2.1.2 ebuild of www-apps/gallery to replace 2.1.1a 

From the email:


Gallery 2.1.2 is now available for download. This release adds no new
features. It fixes a minor information leakage in Gallery 2.1 and 2.1.1a
and a major session ID disclosure in all versions prior to Gallery 2.1.
Note that these flaws only affect installations where Gallery's storage
folder is accessible directly from the web, which we strongly discourage
during the installation process.

We recommend that you upgrade to Gallery 2.1.2 ASAP.  For more
information including a quick security fix (that'll save you from having
to upgrade) please refer to:

      http://gallery.menalto.com/2.1.2_release

regards,
-Bharat

------- Comment #1 From Sune Kloppenborg Jeppesen 2006-08-19 08:58:39 0000 -------
web-apps please advise and provide an updated ebuild as necessary.

------- Comment #2 From Renat Lumpau 2006-08-21 08:38:41 0000 -------
in CVS

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-08-21 11:17:34 0000 -------
Arches please test and mark stable.

------- Comment #4 From Christian Faulhammer 2006-08-21 16:42:55 0000 -------
1) emerges fine
2) passes collision test

Portage 2.1-r2 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4,
2.6.17-gentoo-r4 i686)
=================================================================
System uname: 2.6.17-gentoo-r4 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.12.4
app-admin/eselect-compiler: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash
/etc/terminfo"
CXXFLAGS="-O2"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer
parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa arts artworkextra asf audiofile avi
bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo
cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus
dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds emacs emboss
encode esd evo exif expat fam fat fbcon ffmpeg firefox foomaticdb fortran ftp
gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick
imap imlib ipv6 isdnlog java javascript jikes jpeg jpeg2k ldap leim libg++
libwww lm_sensors mad maildir matroska mbox mikmod mime mmx mmxext mng mono
motif mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly
nsplugin nvidia objc ogg opengl pam pcre pdf pdflib perl plotutils pmu png ppds
pppd preview-latex print python qt3 qt4 quicktime readline reflection reiserfs
samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd tetex
theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb vcd videos
vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib elibc_glibc
input_devices_mouse input_devices_keyboard kernel_linux linguas_de userland_GNU
video_cards_radeon video_cards_vesa video_cards_fbdev"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS,
PORTAGE_RSYNC_EXTRA_OPTS

------- Comment #5 From Jason Wever (RETIRED) 2006-08-21 19:12:53 0000 -------
Stable on SPARC

------- Comment #6 From Thomas Cort (RETIRED) 2006-08-21 20:47:06 0000 -------
alpha stable.

------- Comment #7 From Joshua Jackson 2006-08-21 20:50:51 0000 -------
please tell me there won't be any more security bugs for gallery this year?
X_X;; x86 gone, and I don't want to see gallery again for a long long while.

------- Comment #8 From Thomas Cort (RETIRED) 2006-08-21 21:11:22 0000 -------
amd64 stable.

------- Comment #9 From Tobias Scherbaum 2006-08-22 04:13:32 0000 -------
ppc also stable

------- Comment #10 From Markus Rothe 2006-08-22 06:58:58 0000 -------
ppc64 stable

------- Comment #11 From René Nussbaumer 2006-08-23 05:59:46 0000 -------
stable on hppa

------- Comment #12 From Raphael Marichez 2006-08-26 07:25:03 0000 -------
I vote no-glsa

------- Comment #13 From Raphael Marichez 2006-08-28 02:48:03 0000 -------
heya sec team, holidays have finished, please vote :)

------- Comment #14 From Sune Kloppenborg Jeppesen 2006-08-29 11:14:01 0000 -------
Voting NO and closing.
