authorSimon L. B. Nielsen <simon@FreeBSD.org>2007-12-29 19:49:43 +0000
committerSimon L. B. Nielsen <simon@FreeBSD.org>2007-12-29 19:49:43 +0000
commitb2e25aed38ea32b9846ae7f8c40a6f5dd3d75a54 (patch)
tree78950cd5a355f8561106642db90a2cfdd47218d6 /security/vuxml/vuln.xml
parent46ad8eff2886fa06c87226de5b7099adc3238d5d (diff)
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r--security/vuxml/vuln.xml45
1 files changed, 40 insertions, 5 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 33c678206970..524eef4dd749 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,9 +34,8 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
-
<vuln vid="4aab7bcd-b294-11dc-a6f0-00a0cce0781e">
- <topic> gallery2--Multiple vulnerabilities </topic>
+ <topic>gallery2 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gallery2</name>
@@ -45,18 +44,54 @@ Note: Please add new entries to the beginning of this file.
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
- <p>gallery.menalto.com:</p>
+ <p>The Gallery team reports:</p>
<blockquote cite="http://gallery.menalto.com/gallery_2.2.4_released">
- <p>Multiple vulnerabilities, see references for details.</p>
+ <p>Gallery 2.2.4 addresses the following security
+ vulnerabilities:</p>
+ <ul>
+ <li>Publish XP module - Fixed unauthorized album creation
+ and file uploads.</li>
+ <li>URL rewrite module - Fixed local file inclusion
+ vulnerability in unsecured admin controller and
+ information disclosure in hotlink protection.</li>
+ <li>Core / add-item modules - Fixed Cross Site Scripting
+ (XSS) vulnerabilities through malicious file names.</li>
+ <li>Installation (Gallery application) - Update
+ web-accessibility protection of the storage folder for
+ Apache 2.2.</li>
+ <li>Core (Gallery application) / MIME module - Fixed
+ vulnerability in checks for disallowed file extensions
+ in file uploads.</li>
+ <li>Gallery Remote module - Added missing permissions
+ checks for some GR commands.</li>
+ <li>WebDAV module - Fixed Cross Site Scripting (XSS)
+ vulnerability through HTTP PROPPATCH.</li>
+ <li>WebDAV module - Fixed information (item data)
+ disclosure in a WebDAV view.</li>
+ <li>Comment module - Fixed information (item data)
+ disclosure in comment views.</li>
+ <li>Core module (Gallery application) - Improved
+ resilience against item information disclosure
+ attacks.</li>
+ <li>Slideshow module - Fixed information (item data)
+ disclosure in the slideshow.</li>
+ <li>Print modules - Fixed information (item data)
+ disclosure in several print modules.</li>
+ <li>Core / print modules - Fixed arbitrary URL redirection
+ (phishing attacks) in the core module and several print
+ modules.</li>
+ <li>WebCam module - Fixed proxied request weakness.</li>
+ </ul>
</blockquote>
</body>
</description>
<references>
- <url>http://gallery.menalto.com/gallery_2.2.4_released</url>
+ <url>http://gallery.menalto.com/gallery_2.2.4_released</url>
</references>
<dates>
<discovery>2007-12-24</discovery>
<entry>2007-12-25</entry>
+ <modified>2007-12-29</modified>
</dates>
</vuln>
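Review bot: The `<references>` block in this hunk still carries only the vendor release URL, although the expanded description now lists fourteen separate fixes, including local file inclusion, XSS, upload extension checks, missing permission checks and URL redirection. Anyone correlating this entry with other advisories or scanner output has nothing to match on except that URL. Once identifiers are assigned, I would add one `<cvename>` per issue next to the `<url>`, for example `<cvename>CVE-YYYY-NNNN</cvename>` (placeholder, not a real id), and bump `<modified>` again when doing so. The `<affects>` version range sits between the two hunks and is not visible here, so it is worth confirming separately that it covers every release before 2.2.4.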