lp:ubuntu/hardy-security/gallery2
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/gallery2
Recent revisions
- 10. By William Grant
* SECURITY UPDATE: multiple cross-site scripting, information disclosure,
and restriction bypass vulnerabilities (LP: #242671), and arbitrary code
execution (LP: #202422)
- lib/smarty/plugins/modifier.regex_replace.php: Don't look past a NULL in
the search string. Fixes possible arbitrary code execution. Patch from
smarty upstream.
- modules/core/ItemAdd.inc: Flatten the contents of ZIP archives if they
are being uploaded by a user without subalbum privileges. Patch from
upstream svn.
- modules/core/classes/GalleryUrlGenerator.class,
modules/rewrite/classes/parsers/modrewrite/ModRewriteUrlGenerator:
Properly remove illegal characters from URLs. Patch from upstream svn.
- modules/core/classes/Gallery{Embed,PhpVm}.class: More thoroughly verify
that the remote address isn't being spoofed. Patch from upstream svn.
- modules/password/PasswordOption.inc: Only allow password protection of
items already password protected or albums, as single items cannot
reliably be password protected. Patch from upstream svn.
- modules/albumselect/Callbacks.inc: Add session permissions to keys for
the album list cache, to avoid hidden album disclosure. Patch from
upstream svn.
- */MANIFEST: Drop modified files to please the browser-based installer.
- References:
+ CVE-2008-1066
+ CVE-2008-2720
+ CVE-2008-2721
+ CVE-2008-2722
+ CVE-2008-2723
+ CVE-2008-2724
- 9. By Michael Schultheiss
* New upstream release (Urgency high due to security fixes.
Closes: #457644)
* debian/control:
+ Update Standards-Version (No changes needed)
+ Add Homepage field, remove Homepage from Description
* debian/rules: No longer set DH_COMPAT (use debian/compat instead)
- 8. By Michael Schultheiss
Add Slovak translation of Debconf templates. (Thanks to
Ivan Masá. Closes: #441671)
- 7. By Michael Schultheiss
* Urgency high due to RC bug.
* debian/gallery2.postrm: Add conditional block around mysql-dropdb.sh
sourcing. (Thanks to Matthew Johnson. Closes: #416749)
* Add Spanish translation of debconf templates. (Thanks to Rudy Godoy.
Closes: #423680)
- 6. By Michael Schultheiss
* Urgency high due to RC bug
* debian/gallery2.postrm: Don't fail if debconf is not
installed. (Closes: #416749)
* debian/control: Simplify postgresql Depends/Recommends (Closes: #419284)
* Add Dutch translation of debconf templates. (Thanks to Bart Cornelis.
Closes: #415521)
- 5. By Michael Schultheiss
* l10n updates (Thanks to Christian Perrier for coordinating this
update):
+ debian/gallery.templates: Update per recommendations from
Helge Kreutzmann and Christian Perrier. Closes: #401459
+ Update Basque translation of debconf templates (Thanks to
Piarres Beobide. Closes: #412410)
+ Update Czech translation of debconf templates (Thanks to
Miroslav Kure. Closes: #412556)
+ Update French translation of debconf templates (Thanks to
Steve Petruzzello. Closes: #412906)
+ Add Galician translation of debconf templates (Thanks to
Jacobo Tarrio. Closes: #412363)
+ Add German translation of debconf templates (Thanks to
Helge Kreutzmann. Closes: #401460, #412396)
+ Add Japanese translation of debconf templates (Thanks to
Kenshi Muto. Closes: #412505)
+ Update Portuguese translation of debconf templates (Thanks to
Rui Branco. Closes: #412395)
+ Add Russian translation of debconf templates (Thanks to
Yuri Kozlov. Closes: #412552)
+ Update Swedish translation of debconf templates (Thanks to
Daniel Nylander. Closes: #412390)
- 4. By Michael Schultheiss
* New upstream release (Closes: #383421)
+ Urgency high due to security issues
- Fixes minor information leakage issue
- Fixes major session ID disclosure issue
* Add Portuguese translation of debconf templates (Thanks to
Rui Branco. Closes: #373261)
* debian/control:
+ Bump Standards Version
+ Add postgresql clients to db client dependency
possibilities. (Closes: #367785)
+ Changes Build-Depends-Indep on debhelper to Build-Depends, bump
debhelper version to >= 5
- 3. By Michael Schultheiss
* New upstream release (Closes: #362936)
+ Bugfixes for Postgres7 (Closes: #359000, #362152)
- 2. By Michael Schultheiss
* New upstream release (Closes: #341270)
+ Urgency high due to security issues
- Fixes security flaw in zipcart that could allow remote
visitors to view sensitive files on your webserver
- fixes an XSS issue in add-from-web
- Obscures the naming of the install.log file
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/gallery2