Date: 2 Sep 2003 13:18:14 -0000 From: Thomas Vogt <thomas.vogt@bsdunix.ch> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/56313: Update www/gallery - security update Message-ID: <20030902131814.74806.qmail@conversation.bsdunix.ch> Resent-Message-ID: <200309021330.h82DUJvs006334@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 56313 >Category: ports >Synopsis: Update www/gallery - security update >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Sep 02 06:30:16 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Thomas Vogt <thomas.vogt@bsdunix.ch> >Release: FreeBSD 4.8-RELEASE-p3 i386 >Organization: >Environment: System: FreeBSD conversation.bsdunix.ch 4.8-RELEASE-p3 FreeBSD 4.8-RELEASE-p3 #0: Tue Aug 12 23:10:28 CEST 2003 root@conversation.bsdunix.ch:/usr/obj/usr/src/sys/CONVERSATION i386 >Description: Bugtraq: "Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter." >How-To-Repeat: >Fix: Update to version 1.3.4-pl1. --- gallery.old/distinfo Tue Sep 2 14:48:28 2003 +++ gallery/distinfo Tue Sep 2 14:46:44 2003 @@ -1 +1 @@ -MD5 (gallery-1.3.4.tar.gz) = b74f829c07ed5fe08c5f81d090d7d7fb +MD5 (gallery-1.3.4-pl1.tar.gz) = eed5daf008906ce63406a917af98bb28 --- gallery.old/Makefile Tue Sep 2 14:48:28 2003 +++ gallery/Makefile Tue Sep 2 14:46:44 2003 @@ -6,7 +6,8 @@ # PORTNAME= gallery -PORTVERSION= 1.3.4 +PORTVERSION= 1.3.4-pl1 +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030902131814.74806.qmail>