blob: d77a53fd50ce00e36b7a11bc9089d1af780f21d3 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200711-03">
<title>Gallery: Multiple vulnerabilities</title>
The WebDAV and Reupload modules of Gallery contain multiple unspecified
<product type="ebuild">gallery</product>
<announced>November 01, 2007</announced>
<revised>November 11, 2007: 02</revised>
<package name="www-apps/gallery" auto="yes" arch="*">
<unaffected range="ge">2.2.3</unaffected>
<unaffected range="lt">2.0</unaffected>
<vulnerable range="lt">2.2.3</vulnerable>
Gallery is a PHP based photo album manager.
Merrick Manalastas and Nicklous Roberts have discovered multiple
vulnerabilities in the WebDAV and Reupload modules.
<impact type="low">
A remote attacker could exploit these vulnerabilities to bypass
security restrictions and rename, replace and change properties of
items, or edit item data using WebDAV.
There is no known workaround at this time.
All Gallery users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-apps/gallery-2.2.3&quot;</code>
<uri link="">CVE-2007-4650</uri>
<metadata tag="requester" timestamp="Tue, 25 Sep 2007 09:43:01 +0000">
<metadata tag="bugReady" timestamp="Tue, 25 Sep 2007 09:46:35 +0000">
<metadata tag="submitter" timestamp="Mon, 15 Oct 2007 18:31:52 +0000">