oss-sec mailing list archives
Re: CVE Request (gallery2)
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 19 Sep 2008 04:40:16 +0200
Am Thursday 18 September 2008 schrieb Josh Bressers:
A new version of Gallery 2 is out that fixes three security flaws: http://gallery.menalto.com/gallery_2.2.6_released http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499408
" Insecure cookies over HTTPS - When accessing Gallery over HTTPS, cookies were missing the "secure" flag, leaving the connection vulnerable to cookie sniffing attacks. The Gallery team would like to thank Hanno Boeck for bringing this issue to our attention." CVE-2008-3662 for this one. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE Request (gallery2) Josh Bressers (Sep 18)
- Re: CVE Request (gallery2) Hanno Böck (Sep 18)
- Re: CVE Request (gallery2) Steven M. Christey (Sep 23)