Bug 121977 - www-apps/gallery - minor security issue
Bug#: 121977 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Other Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: rl03@gentoo.org
Component: Vulnerabilities
URL:  http://gallery.menalto.com/
Summary: www-apps/gallery - minor security issue
Keywords:  
Status Whiteboard: B4? [noglsa] jaervosz
Opened: 2006-02-07 06:10 0000
Description:   Opened: 2006-02-07 06:10 0000 
- A very major data loss issue with the zip download component. If a zip file
is not successfully created, Gallery 1.5.2 and Gallery 1.5.2-pl1 will try and
delete many more files than they should.
- A very minor security problem where a user with write access to a server
could create a specially formatted file, coerce someone with owner privileges
in the Gallery to click on a specially formatted link, which could modify
stored album data and possibly lead to local code execution. We thank Tom
Saville (seregon at bughunter dot net) and his team from Digital Armaments for
reporting this us and giving us time to get a patch out.

------- Comment #1 From Renat Lumpau 2006-02-07 06:11:59 0000 ------- 
1.5.2_p2 in CVS

------- Comment #2 From Sune Kloppenborg Jeppesen 2006-02-07 10:24:15 0000 ------- 
Arches please test and mark stable.

------- Comment #3 From Chris White (RETIRED) 2006-02-07 21:26:09 0000 ------- 
kthxx86done

------- Comment #4 From Gustavo Zacarias (RETIRED) 2006-02-08 10:13:36 0000 ------- 
sparc stable.

------- Comment #5 From Simon Stelling (RETIRED) 2006-02-08 14:13:43 0000 ------- 
amd64 stable

------- Comment #6 From Jose Luis Rivero (yoswink) 2006-02-08 18:42:41 0000 ------- 
alpha stable

------- Comment #7 From Tobias Scherbaum 2006-02-09 09:28:24 0000 ------- 
ppc stable

------- Comment #8 From René Nussbaumer 2006-02-10 00:55:01 0000 ------- 
hppa stable

------- Comment #9 From Stefan Cornelius (RETIRED) 2006-02-10 05:15:21 0000 ------- 
ready for glsa vote, i tend to NO (if we dont get enough votes in time, you may
also count this as full no ;)

------- Comment #10 From Sune Kloppenborg Jeppesen 2006-02-10 09:49:24 0000 ------- 
I vote NO.

------- Comment #11 From Thierry Carrez (RETIRED) 2006-02-10 11:30:06 0000 ------- 
No and closing.