lp:ubuntu/hardy-security/gallery2

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/gallery2

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

10. By William Grant

* SECURITY UPDATE: multiple cross-site scripting, information disclosure,
  and restriction bypass vulnerabilities (LP: #242671), and arbitrary code
  execution (LP: #202422)
  - lib/smarty/plugins/modifier.regex_replace.php: Don't look past a NULL in
    the search string. Fixes possible arbitrary code execution. Patch from
    smarty upstream.
  - modules/core/ItemAdd.inc: Flatten the contents of ZIP archives if they
    are being uploaded by a user without subalbum privileges. Patch from
    upstream svn.
  - modules/core/classes/GalleryUrlGenerator.class,
    modules/rewrite/classes/parsers/modrewrite/ModRewriteUrlGenerator:
    Properly remove illegal characters from URLs. Patch from upstream svn.
  - modules/core/classes/Gallery{Embed,PhpVm}.class: More thoroughly verify
    that the remote address isn't being spoofed. Patch from upstream svn.
  - modules/password/PasswordOption.inc: Only allow password protection of
    items already password protected or albums, as single items cannot
    reliably be password protected. Patch from upstream svn.
  - modules/albumselect/Callbacks.inc: Add session permissions to keys for
    the album list cache, to avoid hidden album disclosure. Patch from
    upstream svn.
  - */MANIFEST: Drop modified files to please the browser-based installer.
  - References:
    + CVE-2008-1066
    + CVE-2008-2720
    + CVE-2008-2721
    + CVE-2008-2722
    + CVE-2008-2723
    + CVE-2008-2724

9. By Michael Schultheiss

* New upstream release (Urgency high due to security fixes.
  Closes: #457644)
* debian/control:
  + Update Standards-Version (No changes needed)
  + Add Homepage field, remove Homepage from Description
* debian/rules: No longer set DH_COMPAT (use debian/compat instead)

8. By Michael Schultheiss

Add Slovak translation of Debconf templates. (Thanks to
Ivan Masá. Closes: #441671)

7. By Michael Schultheiss

* Urgency high due to RC bug.
* debian/gallery2.postrm: Add conditional block around mysql-dropdb.sh
  sourcing. (Thanks to Matthew Johnson. Closes: #416749)
* Add Spanish translation of debconf templates. (Thanks to Rudy Godoy.
  Closes: #423680)

6. By Michael Schultheiss

* Urgency high due to RC bug
* debian/gallery2.postrm: Don't fail if debconf is not
  installed. (Closes: #416749)
* debian/control: Simplify postgresql Depends/Recommends (Closes: #419284)
* Add Dutch translation of debconf templates. (Thanks to Bart Cornelis.
  Closes: #415521)

5. By Michael Schultheiss

* l10n updates (Thanks to Christian Perrier for coordinating this
  update):
  + debian/gallery.templates: Update per recommendations from
    Helge Kreutzmann and Christian Perrier. Closes: #401459
  + Update Basque translation of debconf templates (Thanks to
    Piarres Beobide. Closes: #412410)
  + Update Czech translation of debconf templates (Thanks to
    Miroslav Kure. Closes: #412556)
  + Update French translation of debconf templates (Thanks to
    Steve Petruzzello. Closes: #412906)
  + Add Galician translation of debconf templates (Thanks to
    Jacobo Tarrio. Closes: #412363)
  + Add German translation of debconf templates (Thanks to
    Helge Kreutzmann. Closes: #401460, #412396)
  + Add Japanese translation of debconf templates (Thanks to
    Kenshi Muto. Closes: #412505)
  + Update Portuguese translation of debconf templates (Thanks to
    Rui Branco. Closes: #412395)
  + Add Russian translation of debconf templates (Thanks to
    Yuri Kozlov. Closes: #412552)
  + Update Swedish translation of debconf templates (Thanks to
    Daniel Nylander. Closes: #412390)

4. By Michael Schultheiss

* New upstream release (Closes: #383421)
  + Urgency high due to security issues
    - Fixes minor information leakage issue
    - Fixes major session ID disclosure issue
* Add Portuguese translation of debconf templates (Thanks to
  Rui Branco. Closes: #373261)
* debian/control:
  + Bump Standards Version
  + Add postgresql clients to db client dependency
    possibilities. (Closes: #367785)
  + Changes Build-Depends-Indep on debhelper to Build-Depends, bump
    debhelper version to >= 5

3. By Michael Schultheiss

* New upstream release (Closes: #362936)
  + Bugfixes for Postgres7 (Closes: #359000, #362152)

2. By Michael Schultheiss

* New upstream release (Closes: #341270)
  + Urgency high due to security issues
    - Fixes security flaw in zipcart that could allow remote
      visitors to view sensitive files on your webserver
    - Fixes an XSS issue in add-from-web
    - Obscures the naming of the install.log file

1. By Michael Schultheiss

Import upstream version 2.0.2

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/gallery2