> for more information see http://gallery.menalto.com/2.1.2_release
We can read there that it will only affect installations where the storage directory is web-accessible which is strongly discouraged by upstream. So I thought we would be safe, however it seems that the package doesn't follow this recommendation, and breaks the FHS at the same time. You should not be storing the gallery data under /usr/share/gallery2/ by default, it should be in /var/lib/gallery2. That would alleviate the security problem and make the package FHS compliant at the same time. Thijs
signature.asc
Description: This is a digitally signed message part
