From the Gallery website:
"Notice: This affects all versions of Gallery from 1.2 to this release:
We have discovered a well-hidden but potentially serious security flaw in these versions of Gallery which can allow a hacker to log in to your Gallery as an administrator and perform any actions on your albums. No risk is posed to the webserver itself or any non-Gallery data. All Gallery users are very strongly urged to upgrade to 1.4.3-pl2 immediately, which fixes this serious problem and will secure your system."
web-app folks: can you review/patch/bump as appropriate?
I will start drafting a GLSA for this.
Preliminary GLSA draft is in; just waiting for the ebuild and stabilization.
I don't use Gallery myself, so I unfortunately can't help with bumping it.
gallery-1.4.3_p2 is in portage...
x86 ppc sparc alpha hppa : please mark stable
Stable on alpha.
Updating status whiteboard.
Stable on sparc.
Stable on hppa.
x86, ppc : please mark app-misc/gallery-1.4.3_p2 stable.
stable on x86
Thanks everyone, this is ready for GLSA.