Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CAN-2004-1106 Jim Paris discovered a cross site scripting vulnerability which allows code to be inserted by using specially formed URLs. CVE-NOMATCH The upstream developers of gallery have fixed several cases of possible variable injection that could trick gallery to unintended actions, e.g. leaking database passwords. For the stable distribution (woody) these problems have been fixed in version 1.2.5-8woody3. For the unstable distribution (sid) these problems have been fixed in version 1.4.4-pl4-1. We recommend that you upgrade your gallery package.
Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:
Jim Paris discovered a cross site scripting vulnerability which allows code to be inserted by using specially formed URLs.
The upstream developers of gallery have fixed several cases of possible variable injection that could trick gallery to unintended actions, e.g. leaking database passwords.
For the stable distribution (woody) these problems have been fixed in version 1.2.5-8woody3.
For the unstable distribution (sid) these problems have been fixed in version 1.4.4-pl4-1.
We recommend that you upgrade your gallery package.
MD5 checksums of the listed files are available in the original advisory.
Vulmon