oss-sec mailing list archives
CVE request: Gallery multiple XSS vulnerabilities
From: Henri Salo <henri () nerv fi>
Date: Mon, 13 May 2013 10:28:55 +0300
Hello, Two XSS vulnerabilities have been fixed in gallery 3.0.7. http://osvdb.org/92691 http://osvdb.org/92740 One CVE-2013-XXXX is enough as these are fixed in the same version and same issue type. If I am correct: http://osvdb.org/92789 should be removed as duplicate of http://osvdb.org/92691 http://osvdb.org/92690 should be removed as duplicate of http://osvdb.org/92740 Please ask if you have questions. Diff between 3.0.6 - 3.0.7 below: """ git diff aa89aa0dc1610931674530169be8fd1edfceafde df9a412c5a18414ec52550e04f9672693f06421f diff --git a/gallery3/README b/gallery3/README index 7c58b69..18a2663 100644 --- a/gallery3/README +++ b/gallery3/README @@ -1,4 +1,4 @@ -Gallery 3.0.6 (Rive Gauche) +Gallery 3.0.7 (Rive Droite) =========================== About diff --git a/gallery3/modules/gallery/controllers/movies.php b/gallery3/modules/gallery/controllers/movies.php index ca332f6..5607571 100644 --- a/gallery3/modules/gallery/controllers/movies.php +++ b/gallery3/modules/gallery/controllers/movies.php @@ -67,7 +67,7 @@ class Movies_Controller extends Items_Controller { log::success("content", "Updated movie", "<a href=\"{$movie->url()}\">view</a>"); message::success( - t("Saved movie %movie_title", array("movie_title" => $movie->title))); + t("Saved movie %movie_title", array("movie_title" => html::purify($movie->title)))); if ($form->from_id->value == $movie->id) { // Use the new url; it might have changed. diff --git a/gallery3/modules/gallery/helpers/gallery.php b/gallery3/modules/gallery/helpers/gallery.php index f3382fa..81f406d 100644 --- a/gallery3/modules/gallery/helpers/gallery.php +++ b/gallery3/modules/gallery/helpers/gallery.php @@ -18,8 +18,8 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class gallery_Core { - const VERSION = "3.0.6"; - const CODE_NAME = "Rive Gauche"; + const VERSION = "3.0.7"; + const CODE_NAME = "Rive Droite"; const RELEASE_CHANNEL = "release"; const RELEASE_BRANCH = "3.0.x"; diff --git a/gallery3/modules/gallery/views/error_admin.html.php b/gallery3/modules/gallery/views/error_admin.html.php index cd1bd56..036e204 100644 --- a/gallery3/modules/gallery/views/error_admin.html.php +++ b/gallery3/modules/gallery/views/error_admin.html.php @@ -289,7 +289,7 @@ <tr> <td class="key"> <code> - <?= $key?> + <?= html::purify($key) ?> </code> </td> <td class="value"> """ --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: Gallery multiple XSS vulnerabilities Henri Salo (May 13)
- Re: CVE request: Gallery multiple XSS vulnerabilities Kurt Seifried (May 14)