121977 2006-02-07 06:10 0000 www-apps/gallery - minor security issue 2006-02-10 11:30:06 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Other RESOLVED FIXED http://gallery.menalto.com/ B4? [noglsa] jaervosz P2 normal --- 1 rl03@gentoo.org security@gentoo.org rl03@gentoo.org 2006-02-07 06:10:50 0000 - A very major data loss issue with the zip download component. If a zip file is not successfully created, Gallery 1.5.2 and Gallery 1.5.2-pl1 will try and delete many more files than they should. - A very minor security problem where a user with write access to a server could create a specially formatted file, coerce someone with owner privileges in the Gallery to click on a specially formatted link, which could modify stored album data and possibly lead to local code execution. We thank Tom Saville (seregon at bughunter dot net) and his team from Digital Armaments for reporting this us and giving us time to get a patch out. rl03@gentoo.org 2006-02-07 06:11:59 0000 1.5.2_p2 in CVS jaervosz@gentoo.org 2006-02-07 10:24:15 0000 Arches please test and mark stable. chriswhite@gentoo.org 2006-02-07 21:26:09 0000 kthxx86done gustavoz@gentoo.org 2006-02-08 10:13:36 0000 sparc stable. blubb@gentoo.org 2006-02-08 14:13:43 0000 amd64 stable yoswink@gentoo.org 2006-02-08 18:42:41 0000 alpha stable dertobi123@gentoo.org 2006-02-09 09:28:24 0000 ppc stable killerfox@gentoo.org 2006-02-10 00:55:01 0000 hppa stable dercorny@gentoo.org 2006-02-10 05:15:21 0000 ready for glsa vote, i tend to NO (if we dont get enough votes in time, you may also count this as full no ;) jaervosz@gentoo.org 2006-02-10 09:49:24 0000 I vote NO. koon@gentoo.org 2006-02-10 11:30:06 0000 No and closing.