--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-11230
2008-12-13 13:58:22
--------------------------------------------------------------------------------

Name        : gallery2
Product     : Fedora 8
Version     : 2.3
Release     : 1.fc8
URL         : http://gallery.menalto.com
Summary     : Customizable photo gallery web site
Description :
The base Gallery 2 installation - the equivalent of upstream's -minimal
package. This package requires a database to be operational. Acceptable
database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x,
PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given
package versions are minimums, greater package versions are acceptable.

--------------------------------------------------------------------------------
Update Information:

New version, multiple security fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 4 2008 Jon Ciesla <l...@jcomserv.net> - 2.3-1
- Update to new upstream.
- Rebased on tarball now that perl path issue is fixed.
- Added buildroot wipe to start of install.
- Escaped macros in changelog.
* Wed Jun 18 2008 John Berninger <john at ncphotography dot com> - 2.2.5-1
- update to upstream 2.2.5 for security vuln fixes
* Tue Apr 22 2008 John Berninger <john at ncphotography dot com> - 2.2.4-4
- don't create or own any dirs in /srv
* Thu Mar 20 2008 John Berninger <john at ncphotography dot com> - 2.2.4-3
- revert to SVN snapshot so that config-time integrity checks don't fail
- remove embedded copy of smarty and use php-Smarty package
* Sat Dec 29 2007 John Berninger <john at ncphotography dot com> - 2.2.4-2
- BZ 279961 - allow FileInfo
* Mon Dec 24 2007 Lubomir Kundrak <lkund...@redhat.com> 2.2.4-1
- A christmas present -- critical security update to 2.2.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #462883 - CVE-2008-4129 gallery2 arbitrary file disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=462883
  [ 2 ] Bug #462870 - CVE-2008-3662 gallery2 session hijacking vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=462870
  [ 3 ] Bug #462885 - CVE-2008-4130 gallery2 XSS attack
        https://bugzilla.redhat.com/show_bug.cgi?id=462885
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update gallery2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce