350913 – (CVE-2011-3722) <www-apps/coppermine-1.5.20: multiple vulnerabilities (CVE-2011-3722)

Bug 350913 (CVE-2011-3722) - <www-apps/coppermine-1.5.20: multiple vulnerabilities (CVE-2011-3722)

Summary: <www-apps/coppermine-1.5.20: multiple vulnerabilities (CVE-2011-3722)

Status:	RESOLVED FIXED

Alias:	CVE-2011-3722

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial
Assignee:	Gentoo Security

URL:	http://forum.coppermine-gallery.net/i...
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:	410971
Blocks:
	Show dependency tree

Reported:	2011-01-07 00:26 UTC by Tim Sammut (RETIRED)
Modified:	2012-07-10 22:37 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Sammut (RETIRED) gentoo-dev

2011-01-07 00:26:58 UTC

From $URL:

Why was cpg1.5.12 released?
The release covers a recently discovered input validation vulnerability that allows (if unpatched) a malevolent visitor to include own script routines (thread).

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2011-10-07 23:30:34 UTC

CVE-2011-3722 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3722):
  Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtain
  sensitive information via a direct request to a .php file, which reveals the
  installation path in an error message, as demonstrated by
  include/inspekt.php and certain other files.

Comment 2 Matti Bickel (RETIRED) gentoo-dev

2012-06-22 22:20:03 UTC

Linking the two issues as they are both resolved by 1.5.20.

Comment 3 Sean Amoss (RETIRED) gentoo-dev

2012-07-10 22:37:24 UTC

Thanks, Matti. 

I don't see any versions that were stable, so switching to ~4. 

Closing noglsa.