Some vulnerabilities have been reported in Gallery, which can be exploited by malicious users to manipulate data.
The vulnerabilities are caused due to unspecified errors within the WebDAV and Reupload modules, which can be exploited to e.g. rename items, change item properties, replace items, or edit item data via WebDAV.
The vulnerabilities are reported in versions prior to 2.2.3.
CC'ing herd and setting whiteboard status.
Gallery-2.2.3 is in the tree.
Since 2.1.2 is apparently vulnerable these are the target archs for stabilization:
alpha amd64 hppa ppc ppc64 sparc x86
Stable for HPPA.
Installs and works fine in sparc.
@Security: we are the last, ready to vote.
Removed the insecure versions from the tree. web-apps is done here.
I tend to vote YES.
I vote yes.
glsa request filed.
None of the security announcements implicitly mentions gallery-1.x as affected or not. From the announcement we could assume that gallery 1.x is affected as all versions before gallery-2.2.3 are affected, but:
- According to page http://codex.gallery2.org/G1-G2_Comparison gallery-1.x does not support WebDAV and does not support module system (patch required)
- Secunia website (URL provided in this bug) mentions only 'Gallery 2.x' as affected software
This would indicate that gallery-1.x is not affected by this problem, however:
mac ~ # glsa-check -lnc affected
[A] means this GLSA was already applied,
[U] means the system is not affected and
[N] indicates that the system might be affected.
200711-03 [N] Gallery: Multiple vulnerabilities ( www-apps/gallery ) CVE-2007-4650
I do have gallery-1.5.7 installed on the system (some people still prefer gallery-1.x as it doesn't require DB backend)
glsa-200711-03.xml finally fixed, thanks for the info.