Bug 191587 - www-apps/gallery < 2.2.3 WebDAV and Reupload Module Data Manipulation Vulnerabilities (CVE-2007-4650)
Bug#: 191587 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: mjf@gentoo.org
Component: Vulnerabilities
URL:  http://secunia.com/advisories/26716/
Summary: www-apps/gallery < 2.2.3 WebDAV and Reupload Module Data Manipulation Vulnerabilities (CVE-2007-4650)
Keywords:  
Status Whiteboard: B4 [glsa]
Opened: 2007-09-07 12:44 0000
Description:   Opened: 2007-09-07 12:44 0000 
Some vulnerabilities have been reported in Gallery, which can be exploited by
malicious users to manipulate data.

The vulnerabilities are caused due to unspecified errors within the WebDAV and
Reupload modules, which can be exploited to e.g. rename items, change item
properties, replace items, or edit item data via WebDAV.

The vulnerabilities are reported in versions prior to 2.2.3.

------- Comment #1 From Matt Fleming (RETIRED) 2007-09-07 12:45:44 0000 ------- 
CC'ing herd and setting whiteboard status.

------- Comment #2 From Gunnar Wrobel 2007-09-07 14:43:01 0000 ------- 
Gallery-2.2.3 is in the tree.

Since 2.1.2 is apparently vulnerable these are the target archs for
stabilization:

alpha amd64 hppa ppc ppc64 sparc x86

------- Comment #3 From Jeroen Roovers 2007-09-07 15:35:45 0000 ------- 
Stable for HPPA.

------- Comment #4 From Tobias Scherbaum 2007-09-07 17:47:39 0000 ------- 
ppc stable

------- Comment #5 From Chris Gianelloni (RETIRED) 2007-09-07 18:21:39 0000 ------- 
amd64/x86 done

------- Comment #6 From Raúl Porcel 2007-09-09 15:53:23 0000 ------- 
alpha stable

------- Comment #7 From Markus Rothe 2007-09-09 16:22:00 0000 ------- 
ppc64 stable

------- Comment #8 From Jose Luis Rivero (yoswink) 2007-09-12 08:42:43 0000 ------- 
Installs and works fine in sparc.

@Security: we are the last, ready to vote.

------- Comment #9 From Gunnar Wrobel 2007-09-12 08:51:03 0000 ------- 
Removed the insecure versions from the tree. web-apps is done here.

------- Comment #10 From Sune Kloppenborg Jeppesen 2007-09-12 09:44:07 0000 ------- 
I tend to vote YES.

------- Comment #11 From Pierre-Yves Rofes 2007-09-12 09:45:06 0000 ------- 
I vote yes.

------- Comment #12 From Pierre-Yves Rofes 2007-09-25 09:43:10 0000 ------- 
glsa request filed.

------- Comment #13 From Pierre-Yves Rofes 2007-11-01 23:51:10 0000 ------- 
GLSA 200711-03

------- Comment #14 From Marcin Deranek 2007-11-02 10:54:32 0000 ------- 
None of the security announcements implicitly mentions gallery-1.x as affected
or not. From the announcement we could assume that gallery 1.x is affected as
all versions before gallery-2.2.3 are affected, but:
- According to page http://codex.gallery2.org/G1-G2_Comparison gallery-1.x does
not support WebDAV and does not support module system (patch required)
- Secunia website (URL provided in this bug) mentions only 'Gallery 2.x' as
affected software
This would indicate that gallery-1.x is not affected by this problem, however:

mac ~ # glsa-check -lnc affected
[A] means this GLSA was already applied,
[U] means the system is not affected and
[N] indicates that the system might be affected.

200711-03 [N] Gallery: Multiple vulnerabilities ( www-apps/gallery )
CVE-2007-4650

I do have gallery-1.5.7 installed on the system (some people still prefer
gallery-1.x as it doesn't require DB backend)

------- Comment #15 From Pierre-Yves Rofes 2007-11-11 14:48:36 0000 ------- 
glsa-200711-03.xml finally fixed, thanks for the info.