2006-03-18 23:36:52 |
Luis Villa |
bug |
|
|
added bug |
2006-03-18 23:38:51 |
Luis Villa |
gallery2: severity |
Normal |
Major |
|
2006-03-18 23:38:51 |
Luis Villa |
gallery2: statusexplanation |
|
Since this is a security bug, marking major; I *think* this is the right thing, but since the definitions of severity/priority are unlinked, I can't know for sure. |
|
2006-03-19 01:33:48 |
Kevin Lamontagne |
gallery2: priority |
|
High |
|
2006-03-19 01:33:48 |
Kevin Lamontagne |
gallery2: statusexplanation |
Since this is a security bug, marking major; I *think* this is the right thing, but since the definitions of severity/priority are unlinked, I can't know for sure. |
|
|
2006-05-02 03:08:29 |
Chuck Short |
bug |
|
|
added subscriber Martin Pitt |
2006-06-09 18:38:09 |
Barry deFreese |
gallery2: status |
Unconfirmed |
Confirmed |
|
2006-08-23 21:01:33 |
Barry deFreese |
gallery2: status |
Confirmed |
Fix Released |
|
2006-08-23 21:01:33 |
Barry deFreese |
gallery2: statusexplanation |
|
Fixed in Edgy. If you feel that this is severe enough, please file a new bug requesting a backport for Dapper. Thank you. |
|
2006-08-24 15:03:14 |
Barry deFreese |
gallery2: status |
Fix Released |
Confirmed |
|
2006-08-24 15:03:14 |
Barry deFreese |
gallery2: statusexplanation |
Fixed in Edgy. If you feel that this is severe enough, please file a new bug requesting a backport for Dapper. Thank you. |
OK resetting to confirmed. No, it was not an 'easy' fix because Edgy has a much newer release of gallery2. If the rationale for leaving bugs open is 'fixed in all distros' will we ever close most of these bugs? Thanks. |
|
2007-01-06 08:09:43 |
Kai Kasurinen |
bug |
|
|
added subscriber MOTU SWAT Team |
2007-01-06 17:55:54 |
StefanPotyra |
gallery2: status |
Unconfirmed |
Rejected |
|
2007-01-06 17:55:54 |
StefanPotyra |
gallery2: statusexplanation |
|
Rejecting from breezy, gallery2 was never in breezy. |
|
2007-01-07 00:15:07 |
StefanPotyra |
gallery2: assignee |
|
sistpoty |
|
2007-01-07 00:15:07 |
StefanPotyra |
gallery2: statusexplanation |
OK resetting to confirmed. No, it was not an 'easy' fix because Edgy has a much newer release of gallery2. If the rationale for leaving bugs open is 'fixed in all distros' will we ever close most of these bugs? Thanks. |
|
|
2007-01-07 04:14:30 |
StefanPotyra |
gallery2: assignee |
|
sistpoty |
|
2007-01-07 04:14:30 |
StefanPotyra |
gallery2: statusexplanation |
|
|
|
2007-01-07 04:14:42 |
StefanPotyra |
gallery2: status |
Unconfirmed |
In Progress |
|
2007-01-07 04:17:04 |
StefanPotyra |
bug |
|
|
added attachment 'gallery2_2.0.2-1_to_2.0.2-1ubuntu0.1.debdiff' (debdiff 2.0.2-1_to_2.0.2-1ubuntu0.1) |
2007-01-07 06:16:29 |
StefanPotyra |
bug |
|
|
added attachment 'gallery2_2.0.2-1_to_2.0.2-1ubuntu0.1_final.debdiff' (gallery2_2.0.2-1_to_2.0.2-1ubuntu0.1_final.debdiff) |
2007-01-07 06:42:46 |
StefanPotyra |
gallery2: status |
In Progress |
Fix Committed |
|
2007-01-07 06:42:46 |
StefanPotyra |
gallery2: statusexplanation |
|
Security review notified, waiting for approval. |
|
2007-01-07 17:17:24 |
Kees Cook |
gallery2: status |
Confirmed |
Fix Released |
|
2007-01-07 17:17:24 |
Kees Cook |
gallery2: statusexplanation |
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 7 Jan 2007 06:53:48 +0100
Source: gallery2
Binary: gallery2
Architecture: source
Version: 2.0.2-1ubuntu0.1
Distribution: dapper-security
Urgency: low
Maintainer: Michael C. Schultheiss <schultmc@debian.org>
Changed-By: Stefan Potyra <sistpoty@ubuntu.com>
Description:
 gallery2 - web-based photo album written in PHP
Changes:
 gallery2 (2.0.2-1ubuntu0.1) dapper-security; urgency=low
 .
   * SECURITY UPDATE: Fix a PHP local inclusion exploit.
     - add sane initialization of $stepOrder array in both
       install/index.php and upgrade/index.php.
     - Closes: lp#35528.
   * Update MANIFEST file to match checksums of both changed files.
   * References
     http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update
     CVE-2006-1219
Files:
007d943c8f8a11608b4e5c9ce03cf508 603 web optional gallery2_2.0.2-1ubuntu0.1.dsc
2c1cfe8fac793645a3036f3daf61d6a9 11346 web optional gallery2_2.0.2-1ubuntu0.1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFoSFtH/9LqRcGPm0RAiwvAJwM11wN0w896h59QR9FY68Dn8G3/wCghHIW
8bQX56u9UqXodi8JsAYxqiw=
=qL1U
-----END PGP SIGNATURE-----
|
|
2007-01-07 17:17:48 |
Kees Cook |
gallery2: status |
Fix Committed |
Fix Released |
|
2007-01-07 17:17:48 |
Kees Cook |
gallery2: statusexplanation |
Security review notified, waiting for approval. |
|
|
2008-04-09 19:37:48 |
Kees Cook |
bug |
|
|
added subscriber Ubuntu Security Team |
2012-02-23 21:25:04 |
Kai Kasurinen |
removed subscriber Kai Kasurinen |
|
|
|