CVE-2007-4650: Unauthorised editing of item properties
Bug #163492 reported by
William Grant
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gallery2 (Debian) |
Fix Released
|
Unknown
|
|||
| gallery2 (Fedora) |
Fix Released
|
Critical
|
|||
| gallery2 (Gentoo Linux) |
Fix Released
|
Low
|
|||
| gallery2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
| Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
| Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
| Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
| Hardy |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: gallery2
Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
Dapper -> Gutsy are affected; Hardy was fixed by a Debian sync.
CVE References
Revision history for this message
|
|
#8 |
Revision history for this message
|
|
#9 |
Revision history for this message
|
|
#10 |
| Changed in gallery2: | |
| status: | New → Fix Released |
| assignee: | nobody → fujitsu |
| status: | New → In Progress |
| assignee: | nobody → fujitsu |
| status: | New → In Progress |
| assignee: | nobody → fujitsu |
| status: | New → In Progress |
| Changed in gallery2: | |
| assignee: | nobody → fujitsu |
| status: | New → In Progress |
| Changed in gallery2: | |
| status: | Unknown → Fix Released |
| Changed in gallery2: | |
| status: | Unknown → Fix Released |
| Changed in gallery2: | |
| status: | In Progress → Triaged |
| status: | In Progress → Triaged |
| status: | In Progress → Triaged |
| status: | In Progress → Triaged |
Revision history for this message
| Emanuele Gentili (emgent) wrote | #1 |
| Changed in gallery2: | |
| status: | Unknown → New |
| Changed in gallery2: | |
| status: | New → Fix Released |
| Changed in gallery2: | |
| status: | Triaged → Won't Fix |
Revision history for this message
| LumpyCustard (orangelumpycustard) wrote | #3 |
| Changed in gallery2: | |
| status: | Triaged → Won't Fix |
Revision history for this message
| Sergio Zanchetta (primes2h) wrote | #5 |
| Changed in gallery2 (Ubuntu Gutsy): | |
| status: | Triaged → Won't Fix |
| Changed in gallery2 (Ubuntu Gutsy): | |
| assignee: | William Grant (wgrant) → nobody |
| Changed in gallery2 (Ubuntu Feisty): | |
| assignee: | William Grant (wgrant) → nobody |
| Changed in gallery2 (Ubuntu Dapper): | |
| assignee: | William Grant (wgrant) → nobody |
| Changed in gallery2 (Ubuntu Edgy): | |
| assignee: | William Grant (wgrant) → nobody |
| Changed in gallery2 (Gentoo Linux): | |
| importance: | Unknown → Low |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #6 |
| Changed in gallery2 (Ubuntu Dapper): | |
| status: | Triaged → Won't Fix |
| Changed in gallery2 (Fedora): | |
| importance: | Unknown → Critical |
To post a comment you must log in.
Description of problem:
gallery 2.2.3 has been released as security update.