Summary: | www-apps/gallery < 2.2.3 WebDAV and Reupload Module Data Manipulation Vulnerabilities (CVE-2007-4650) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matt Fleming (RETIRED) <mjf> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/26716/ | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Matt Fleming (RETIRED)
2007-09-07 12:44:05 UTC
CC'ing herd and setting whiteboard status.

Gallery-2.2.3 is in the tree. Since 2.1.2 is apparently vulnerable these are the target archs for stabilization: alpha amd64 hppa ppc ppc64 sparc x86

Stable for HPPA.

ppc stable

amd64/x86 done

alpha stable

ppc64 stable

Installs and works fine in sparc. @Security: we are the last, ready to vote.

Removed the insecure versions from the tree. web-apps is done here.

I tend to vote YES.

I vote yes. glsa request filed.

GLSA 200711-03

None of the security announcements implicitly mentions gallery-1.x as affected or not. From the announcement we could assume that gallery 1.x is affected as all versions before gallery-2.2.3 are affected, but:

- According to page http://codex.gallery2.org/G1-G2_Comparison gallery-1.x does not support WebDAV and does not support module system (patch required)
- Secunia website (URL provided in this bug) mentions only 'Gallery 2.x' as affected software

This would indicate that gallery-1.x is not affected by this problem, however:

```
mac ~ # glsa-check -lnc affected
[A] means this GLSA was already applied,
[U] means the system is not affected and
[N] indicates that the system might be affected.
200711-03 [N] Gallery: Multiple vulnerabilities ( www-apps/gallery )
CVE-2007-4650
```

I do have gallery-1.5.7 installed on the system (some people still prefer gallery-1.x as it doesn't require DB backend)

glsa-200711-03.xml finally fixed, thanks for the info.