From ${URL} : Description Two vulnerabilities have been reported in Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input related to Uploadify and flowplayer is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. The vulnerabilities are reported in versions prior to 3.0.8. Solution Update to version 3.0.8. Provided and/or discovered by The vendor credits Mala and Dhaval Chauhan. Original Advisory Gallery: http://galleryproject.org/gallery_3_0_8 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
maintainers: ping, okay to stable?
no response from maintainers over a month, go stabilize it. Arches, please test and mark stable: =www-apps/gallery-3.0.9 target KEYWORDS="amd64 hppa ppc ppc64 x86"
Stable for HPPA.
amd64 and x86 stable
ppc stable
ppc64 stable
Thanks for your work. GLSA vote: no
GLSA vote: no. Closing as [noglsa]