Launchpad.net

CVE 2007-4650

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.

Related bugs and status

CVE-2007-4650 (Candidate) is related to these bugs:

Bug #163492: CVE-2007-4650: Unauthorised editing of item properties

		In	Importance	Status
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Ubuntu)	Undecided	Fix Released
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Ubuntu Dapper)	Undecided	Won't Fix
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Ubuntu Edgy)	Undecided	Won't Fix
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Ubuntu Hardy)	Undecided	Fix Released
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Ubuntu Gutsy)	Undecided	Won't Fix
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Ubuntu Feisty)	Undecided	Won't Fix
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Gentoo Linux)	Low	Fix Released
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Fedora)	Critical	Fix Released
163492	CVE-2007-4650: Unauthorised editing of item properties	gallery2 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
CONFIRM: http://gallery.menalto...
FEDORA: FEDORA-2007-2020
SECUNIA: 26716
SECUNIA: 26719
BID: 25580
CONFIRM: http://bugs.gentoo.org...
GENTOO: GLSA-200711-03
SECUNIA: 27502
DEBIAN: DSA-1404
SECUNIA: 27594
OSVDB: 41657
OSVDB: 41658
VUPEN: ADV-2007-3072