Package: gallery
Version: unavailable; reported 2005-01-26
Severity: wishlist

Several days ago, Rafel Ivgi informed the developers of Gallery of a possible cross site scripting (definition: http://en.wikipedia.org/wiki/Cross_site_scripting) problem in current versions of Gallery. The problem and some similar problems discovered by our team have been addressed in Gallery 2 CVS as well as in this release of 1.4.4-pl5.
As with most other cross site scripting problems, no risk is posed to the webserver itself or any non-Gallery data, but a Gallery install could be compromised using appropriate code.
In addition to the security fix, Gallery 1.4.4-pl5 uses the proper parameters for new versions of ImageMagick and fixes some small issues with PHP 5.
All Gallery users are strongly urged to upgrade to 1.4.4-pl5 immediately, which fixes this problem and will secure your system.

