[Bug 163492] CVE-2007-4650: Unauthorised editing of item properties

Sat, 17 Nov 2007 22:10:18 -0800 

Public bug reported:

Binary package hint: gallery2

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow
attackers to (1) rename items, (2) read and modify item properties, or
(3) lock and replace items via unknown vectors in (a) the WebDAV module;
and (4) edit unspecified data files using "linked items" in WebDAV and
(b) Reupload modules.

Dapper -> Gutsy are affected; Hardy was fixed by a Debian sync.

** Affects: gallery2 (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: gallery2 (Ubuntu Dapper)
     Importance: Undecided
     Assignee: William Grant (fujitsu)
         Status: In Progress

** Affects: gallery2 (Ubuntu Edgy)
     Importance: Undecided
     Assignee: William Grant (fujitsu)
         Status: In Progress

** Affects: gallery2 (Ubuntu Feisty)
     Importance: Undecided
     Assignee: William Grant (fujitsu)
         Status: In Progress

** Affects: gallery2 (Ubuntu Gutsy)
     Importance: Undecided
     Assignee: William Grant (fujitsu)
         Status: In Progress

** Affects: gallery2 (Ubuntu Hardy)
     Importance: Undecided
         Status: Fix Released

** Affects: gallery2 (Debian)
     Importance: Unknown
         Status: Unknown

** Affects: gallery2 (Fedora)
     Importance: Unknown
         Status: Unknown

** Affects: gallery2 (Gentoo Linux)
     Importance: Unknown
         Status: Unknown

** Visibility changed to: Public

** Changed in: gallery2 (Ubuntu Hardy)
       Status: New => Fix Released

** Changed in: gallery2 (Ubuntu Dapper)
     Assignee: (unassigned) => William Grant (fujitsu)
       Status: New => In Progress

** Bug watch added: Gentoo Bugzilla #191587
   http://bugs.gentoo.org/show_bug.cgi?id=191587

** Also affects: gallery2 (Gentoo Linux) via
   http://bugs.gentoo.org/show_bug.cgi?id=191587
   Importance: Unknown
       Status: Unknown

** Bug watch added: Red Hat Bugzilla #267421
   https://bugzilla.redhat.com/show_bug.cgi?id=267421

** Also affects: gallery2 (Fedora) via
   https://bugzilla.redhat.com/show_bug.cgi?id=267421
   Importance: Unknown
       Status: Unknown

** Changed in: gallery2 (Ubuntu Edgy)
     Assignee: (unassigned) => William Grant (fujitsu)
       Status: New => In Progress

** Bug watch added: Debian Bug tracker #441407
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441407

** Also affects: gallery2 (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441407
   Importance: Unknown
       Status: Unknown

** Changed in: gallery2 (Ubuntu Feisty)
     Assignee: (unassigned) => William Grant (fujitsu)
       Status: New => In Progress

** Changed in: gallery2 (Ubuntu Gutsy)
     Assignee: (unassigned) => William Grant (fujitsu)
       Status: New => In Progress

-- 
CVE-2007-4650: Unauthorised editing of item properties
https://bugs.launchpad.net/bugs/163492
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to