Date: 2 Sep 2003 13:18:14 -0000 From: Thomas Vogt <thomas.vogt@bsdunix.ch> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/56313: Update www/gallery - security update Message-ID: <20030902131814.74806.qmail@conversation.bsdunix.ch> Resent-Message-ID: <200309021330.h82DUJvs006334@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 56313
>Category: ports
>Synopsis: Update www/gallery - security update
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 02 06:30:16 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Thomas Vogt <thomas.vogt@bsdunix.ch>
>Release: FreeBSD 4.8-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD conversation.bsdunix.ch 4.8-RELEASE-p3 FreeBSD 4.8-RELEASE-p3 #0: Tue Aug 12 23:10:28 CEST 2003 root@conversation.bsdunix.ch:/usr/obj/usr/src/sys/CONVERSATION i386
>Description:
Bugtraq:
"Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1
through 1.3.4 allows remote attackers to insert arbitrary web script via
the searchstring parameter."
>How-To-Repeat:
>Fix:
Update to version 1.3.4-pl1.
--- gallery.old/distinfo Tue Sep 2 14:48:28 2003
+++ gallery/distinfo Tue Sep 2 14:46:44 2003
@@ -1 +1 @@
-MD5 (gallery-1.3.4.tar.gz) = b74f829c07ed5fe08c5f81d090d7d7fb
+MD5 (gallery-1.3.4-pl1.tar.gz) = eed5daf008906ce63406a917af98bb28
--- gallery.old/Makefile Tue Sep 2 14:48:28 2003
+++ gallery/Makefile Tue Sep 2 14:46:44 2003
@@ -6,7 +6,8 @@
#
PORTNAME= gallery
-PORTVERSION= 1.3.4
+PORTVERSION= 1.3.4-pl1
+PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030902131814.74806.qmail>