FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gallery -- multiple vulnerabilities

Affected packages
gallery3 < 3.0.9

Details

VuXML ID 9b037a0d-ef2c-11e2-b4a0-8c705af55518
Discovery 2013-06-28
Entry 2013-07-17

Red Hat Security Response Team reports:

Gallery upstream has released version 3.0.9, correcting two security flaws:

Issue #1 - Improper stripping of URL fragments in flowplayer SWF file might lead to replay attacks (a different flaw than CVE-2013-2138).

Issue #2 - gallery3: Multiple information exposure flaws in data rest core module.

References

CVE Name CVE-2013-2240
CVE Name CVE-2013-2241
URL http://galleryproject.org/gallery_3_0_9
URL http://sourceforge.net/apps/trac/gallery/ticket/2073
URL http://sourceforge.net/apps/trac/gallery/ticket/2074
URL https://bugzilla.redhat.com/show_bug.cgi?id=981197
URL https://bugzilla.redhat.com/show_bug.cgi?id=981198