Secunia wrote:
A vulnerability has been reported in Gallery, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an unspecified error when handling certain cookies, which can be exploited to gain administrative access to the application.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability is reported in Gallery 1.x versions 1.5.8-svn-b34 and later.
SOLUTION: Update to version 1.5.10.
PROVIDED AND/OR DISCOVERED BY: The vendor credits John Hisdock.
ORIGINAL ADVISORY: http://gallery.menalto.com/last_official_G1_releases
www-apps/gallery-1.5.10 is in the tree. Targets: alpha amd64 hppa ppc sparc x86
alpha/sparc/x86 stable
Stable for HPPA.
ppc stable
amd64 stable, all arches done.
Vote-ready.
Removed vulnerable www-apps/gallery-1.5.9. webapps done
As I may vote now, I vote YES.
This is with register_globals enabled only, so I would vote NO. That feature alone is a vulnerability and I do not think we should deal with these issues.
I thought again and reviewed the issue. As register_globals is off by default now, I have changed my mind. I categorized the severity wrong; this is not worth a GLSA. Sorry for this, next time I will have a deeper look into it in the beginning.