Bug#: 213322
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Hanno Boeck <hanno@gentoo.org>
Bug 213322 depends on: 212147

Description:   Opened: 2008-03-13 23:17 0000
Current gallery is affected by CVE-2008-1066, upstream informed, they'll update
with the next release.

------- Comment #1 From Tobias Sager 2008-06-12 05:43:20 0000 -------
Fixed in 2.2.5?
http://gallery.menalto.com/gallery_2.2.5_released

------- Comment #2 From Gunnar Wrobel 2008-06-20 15:28:18 0000 -------
No, still smarty 2.6.16

------- Comment #3 From Richard Freeman 2008-09-18 10:29:15 0000 -------
Looks like a new release is available:

http://gallery.menalto.com/gallery_2.2.6_released

------- Comment #4 From Hanno Boeck 2008-09-18 10:46:13 0000 -------
They seem to consider this very low priority, they've still not bumped in
2.2.6. I had a discussion with upstream about that and they said it only
affects the rare case where external modules use that function and they
probably won't update before 2.3 final.

------- Comment #5 From Stefan Behte 2008-11-30 17:32:06 0000 -------
CVE-2008-1066 says:
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by
Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP
functions via templates, related to a '\0' character in a search string. 

Changing to B1.

http://gallery.menalto.com/ -> "Gallery 2.3 (Skidoo) Released!", we also have
it in tree. Is this fixed now!?

------- Comment #6 From Robert Buchholz 2008-11-30 17:59:57 0000 -------
I disagree with the B1 rating. Users should not be allowed to submit templates
to exploit this issue. It does not happen within the gallery version we ship,
so our whole package is not vulnerable to this. It might only be a problem if
external modules are being used.

Hanno, did you check whether they included an update to smarty in this 2.3
release?

------- Comment #7 From Hanno Boeck 2008-11-30 19:31:14 0000 -------
The bundled smarty is bumped in 2.3. I agree this is not a grave issue, so we
should probably just try to get 2.3 stable soon and then close this.

------- Comment #8 From Gunnar Wrobel 2008-12-03 00:09:10 0000 -------
www-apps/gallery/gallery-2.3 should be marked for stabilization then, right?

Targets:

  alpha amd64 hppa ppc ppc64 sparc x86

------- Comment #9 From Richard Freeman 2008-12-03 01:10:39 0000 -------
amd64 stable

------- Comment #10 From Brent Baude 2008-12-03 14:17:16 0000 -------
ppc64 done

------- Comment #11 From Jeroen Roovers 2008-12-03 16:10:26 0000 -------
Stable for HPPA.

------- Comment #12 From Raúl Porcel 2008-12-05 09:38:27 0000 -------
alpha/sparc/x86 stable

------- Comment #13 From Tobias Scherbaum 2008-12-06 18:56:47 0000 -------
ppc stable

------- Comment #14 From Gunnar Wrobel 2008-12-07 07:01:35 0000 -------
removed vulnerable versions. webapps done.

------- Comment #15 From Stefan Behte 2009-01-05 21:56:17 0000 -------
Re-Rating C4 due to rbu's comment, closing.
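
Added example, not part of the bug thread or of Gallery's or Smarty's code: a Python check for the situation discussed above, a web application shipping its own Smarty copy older than 2.6.19. It assumes Smarty 2.x declares its version as `var $_version = '...'` in Smarty.class.php; the sample tree and its directory names are constructed.

```python
import os
import re
import tempfile

FIXED = (2, 6, 19)  # CVE-2008-1066 affects Smarty before 2.6.19
# Assumption: Smarty 2.x declares its version as: var $_version = '2.6.16';
VERSION_RE = re.compile(r"\$_version\s*=\s*['\"](\d+(?:\.\d+)*)")

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "2.6" to (2, 6, 0)

def find_bundled_smarty(root):
    """Return (path, version, has_plugin, affected) per Smarty.class.php under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "Smarty.class.php" not in files:
            continue
        path = os.path.join(dirpath, "Smarty.class.php")
        with open(path, encoding="latin-1") as fh:
            version = parse_version(fh.read())
        plugin = os.path.isfile(
            os.path.join(dirpath, "plugins", "modifier.regex_replace.php"))
        # An unparseable version is flagged so it gets a manual look.
        affected = plugin and (version is None or version < FIXED)
        findings.append((path, version, plugin, affected))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout; the directory names are hypothetical."""
    for name, ver in (("old_app", "2.6.16"), ("new_app", "2.6.20")):
        lib = os.path.join(root, name, "lib", "smarty")
        os.makedirs(os.path.join(lib, "plugins"))
        with open(os.path.join(lib, "Smarty.class.php"), "w") as fh:
            fh.write("<?php\nclass Smarty {\n    var $_version = '%s';\n}\n" % ver)
        open(os.path.join(lib, "plugins", "modifier.regex_replace.php"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, version, plugin, affected in find_bundled_smarty(tmp):
            print(path, version, "AFFECTED" if affected else "ok")
```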
