Accepted gallery 1.5-1sarge2 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 7 Jun 2006 00:02:52 +0000
Source: gallery
Binary: gallery
Architecture: source all
Version: 1.5-1sarge2
Distribution: stable-security
Urgency: high
Maintainer: Michael C. Schultheiss <schultmc@debian.org>
Changed-By: Michael C. Schultheiss <schultmc@debian.org>
Description:
gallery - a web-based photo album written in php
Changes:
gallery (1.5-1sarge2) stable-security; urgency=high
.
* Fix Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and
earlier that allows remote attackers to inject arbitrary web script or
HTML via EXIF data, such as the Camera Model Tag [util.php,
CVE-2005-2734]
* Fix Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 that
allows remote attackers to inject arbitrary web script or HTML via unknown
attack vectors, possibly involving the user name (fullname).
[register.php, CVE-2006-0330]
* Fix two file exposure bugs in stats module [stats.php, CVE-2006-4030]
Files:
f66813dbb5218b6cae62345331e73de0 589 web optional gallery_1.5-1sarge2.dsc
4f2cb50ce35dcdce2af96dc251ee695f 15917 web optional gallery_1.5-1sarge2.diff.gz
5fd487a3d9973eb95af4eb4ee85cf545 6570476 web optional gallery_1.5-1sarge2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE2kj4Xm3vHE4uyloRAiq8AJ98Zo8DR98GwRC2pBb/lAR9+1GUDwCfUtpm
VgwdvU7fmejzAY5UMIc3gmM=
=VmZ/
-----END PGP SIGNATURE-----
Accepted:
gallery_1.5-1sarge2.diff.gz
to pool/main/g/gallery/gallery_1.5-1sarge2.diff.gz
gallery_1.5-1sarge2.dsc
to pool/main/g/gallery/gallery_1.5-1sarge2.dsc
gallery_1.5-1sarge2_all.deb
to pool/main/g/gallery/gallery_1.5-1sarge2_all.deb
Reply to: