Bug 103357

Summary:	www-apps/coppermine: Photo Gallery EXIF Data Script Insertion
Product:	Gentoo Security	Reporter:	Jean-François Brunette (RETIRED) <formula7>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	web-apps
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://secunia.com/advisories/16499/
Whiteboard:	~4 [noglsa] DerCorny
Package list:		Runtime testing required:	---

Description Jean-François Brunette (RETIRED) gentoo-dev

2005-08-22 11:03:50 UTC

Description:
A vulnerability has been reported in Coppermine Photo Gallery, which can be
exploited by malicious people to conduct script insertion attacks.

EXIF data stored in certain image files are not properly sanitised before being
displayed to users. This can be exploited to execute arbitrary script code in a
user's browser session in context of an affected site when malicious EXIF data
are viewed.

The vulnerability has been reported in versions prior to 1.3.4.

Solution:
Update to version 1.3.4.

Comment 1 Stefan Cornelius (RETIRED) gentoo-dev

2005-08-22 11:36:33 UTC

web-apps, please provide an updated ebuild, thanks. was never marked stable, so
this can probably wait until the xmlrpc-2 storm is over.

Comment 2 Renat Lumpau (RETIRED) gentoo-dev

2005-08-22 15:06:27 UTC

bumped

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-08-22 22:06:25 UTC

Thanks Renat.