ports/56313: Update www/gallery - security update
Thomas Vogt
thomas.vogt at bsdunix.ch
Tue Sep 2 13:30:26 UTC 2003
>Number: 56313
>Category: ports
>Synopsis: Update www/gallery - security update
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 02 06:30:16 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Thomas Vogt <thomas.vogt at bsdunix.ch>
>Release: FreeBSD 4.8-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD conversation.bsdunix.ch 4.8-RELEASE-p3 FreeBSD 4.8-RELEASE-p3 #0: Tue Aug 12 23:10:28 CEST 2003 root at conversation.bsdunix.ch:/usr/obj/usr/src/sys/CONVERSATION i386
>Description:
Bugtraq:
"Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1
through 1.3.4 allows remote attackers to insert arbitrary web script via
the searchstring parameter."
>How-To-Repeat:
>Fix:
Update to version 1.3.4-pl1.
--- gallery.old/distinfo Tue Sep 2 14:48:28 2003
+++ gallery/distinfo Tue Sep 2 14:46:44 2003
@@ -1 +1 @@
-MD5 (gallery-1.3.4.tar.gz) = b74f829c07ed5fe08c5f81d090d7d7fb
+MD5 (gallery-1.3.4-pl1.tar.gz) = eed5daf008906ce63406a917af98bb28
--- gallery.old/Makefile Tue Sep 2 14:48:28 2003
+++ gallery/Makefile Tue Sep 2 14:46:44 2003
@@ -6,7 +6,8 @@
#
PORTNAME= gallery
-PORTVERSION= 1.3.4
+PORTVERSION= 1.3.4-pl1
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list