Package: gallery2 Severity: grave Tags: security patch Hi,
A security issue has been discovered in Smarty which is also shipped as part of Gallery 2: | The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used | by Serendipity (S9Y) and other products, allows attackers to call | arbitrary PHP functions via templates, related to a '0' character in | a search string. Please see the original bug in Smarty here: #469492. The patch is very straigtforward. The right solution here is to not ship Smarty as part of Gallery but make use of the smarty package that is already in the archive, because the security team now has to issue multiple DSA's for this single issue which is obviously problematic. Could you please take the following actions: * To address this bug for lenny and sid, please prepare a version of Gallery that works with the archive version of smarty; * For sarge and etch, please prepare updated packages addressing this bug and please assess and fix the following unaddressed security issues in gallery2 in etch: http://security-tracker.debian.net/tracker/source-package/gallery2 thanks, Thijs
pgpc6Je0Bn0qC.pgp
Description: PGP signature