Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 130623 - www-apps/gallery-1.5.2_p2 vulnerability
Summary: www-apps/gallery-1.5.2_p2 vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://gallery.menalto.com/gallery_1....
Whiteboard: B4 [noglsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2006-04-20 10:21 UTC by Renat Lumpau (RETIRED)
Modified: 2006-04-28 11:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Renat Lumpau (RETIRED) gentoo-dev 2006-04-20 10:21:30 UTC 
From the website:

Gallery 1.5.3 is now available for download. This release is primarily a bug fix release, but it also includes an important security fix. The fixes: 

Security: Not all user input was correctly sanitized for JavaScript injection. (Thanks to Aditya Mooley at adityamooley@sanisoft.com for reporting this and giving us plenty of time to fix it!)
Comment 1 Renat Lumpau (RETIRED) gentoo-dev 2006-04-20 10:22:14 UTC 
1.5.3 in CVS, needs stabling
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-20 10:41:47 UTC 
Thx Renat.

Arches please test and mark stable.
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2006-04-20 12:03:30 UTC 
ppc stable
Comment 4 Chris Gianelloni (RETIRED) gentoo-dev 2006-04-20 12:26:50 UTC 
x86 is done...
Comment 5 René Nussbaumer (RETIRED) gentoo-dev 2006-04-21 14:32:16 UTC 
stable on hppa
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2006-04-22 03:01:39 UTC 
If the latest stable are OK (2.0 line) then maybe no need for a GLSA over this
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-22 03:06:51 UTC 
I don't think a GLSA is needed for this. Though we still have a few arches that has to mark stable.
Comment 8 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-04-23 12:15:02 UTC 
amd64 done
Comment 9 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2006-04-23 16:50:41 UTC 
alpha stable.
Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev 2006-04-24 06:54:47 UTC 
sparc stable.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2006-04-28 11:19:52 UTC 
stable everywhere. As latest stable is not affected, closing without GLSA
Feel free to reopen if you disagree.