CVE-2008-272[0-4]: Lots of varied vulnerabilities
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gallery2 (Ubuntu) | Fix Released | Undecided | Unassigned | |
Hardy | Fix Released | High | William Grant | |
Intrepid | Fix Released | Undecided | Unassigned | |
Bug Description
Binary package hint: gallery2
Intrepid is fixed, as it has 2.2.5.
~~~~
CVE-2008-2720:
Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5
allows remote attackers to inject arbitrary web script or HTML via the (1)
host and (2) path components of a URL.
CVE-2008-2721:
Unspecified vulnerability in the album-select module in Menalto Gallery
before 2.2.5 allows remote attackers to obtain titles of hidden albums by
attempting to add a new album to a hidden album.
CVE-2008-2722:
Menalto Gallery before 2.2.5 allows remote attackers to bypass permissions
for sub-albums via a ZIP archive.
CVE-2008-2723:
embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain
the full path via unknown vectors related to "spoofing the remote address."
CVE-2008-2724:
Menalto Gallery before 2.2.5 does not enforce permissions for non-album
items that have been protected by a password, which might allow remote
attackers to bypass intended access restrictions.
~~~~
Changed in gallery2:
status: In Progress → Fix Committed
Dapper -> Gutsy are probably affected. Hardy is.