oss-sec mailing list archives
Re: CVE request: Gallery multiple XSS vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 14 May 2013 01:02:12 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/13/2013 01:28 AM, Henri Salo wrote:
Hello, Two XSS vulnerabilities have been fixed in gallery 3.0.7. http://osvdb.org/92691 http://osvdb.org/92740 One CVE-2013-XXXX is enough as these are fixed in the same version and same issue type. If I am correct: http://osvdb.org/92789 should be removed as duplicate of http://osvdb.org/92691 http://osvdb.org/92690 should be removed as duplicate of http://osvdb.org/92740 Please ask if you have questions. Diff between 3.0.6 - 3.0.7 below: """ git diff aa89aa0dc1610931674530169be8fd1edfceafde df9a412c5a18414ec52550e04f9672693f06421f diff --git a/gallery3/README b/gallery3/README index 7c58b69..18a2663 100644 --- a/gallery3/README +++ b/gallery3/README @@ -1,4 +1,4 @@ -Gallery 3.0.6 (Rive Gauche) +Gallery 3.0.7 (Rive Droite) =========================== About diff --git a/gallery3/modules/gallery/controllers/movies.php b/gallery3/modules/gallery/controllers/movies.php index ca332f6..5607571 100644 --- a/gallery3/modules/gallery/controllers/movies.php +++ b/gallery3/modules/gallery/controllers/movies.php @@ -67,7 +67,7 @@ class Movies_Controller extends Items_Controller { log::success("content", "Updated movie", "<a href=\"{$movie->url()}\">view</a>"); message::success( - t("Saved movie %movie_title", array("movie_title" => $movie->title))); + t("Saved movie %movie_title", array("movie_title" => html::purify($movie->title)))); if ($form->from_id->value == $movie->id) { // Use the new url; it might have changed. diff --git a/gallery3/modules/gallery/helpers/gallery.php b/gallery3/modules/gallery/helpers/gallery.php index f3382fa..81f406d 100644 --- a/gallery3/modules/gallery/helpers/gallery.php +++ b/gallery3/modules/gallery/helpers/gallery.php @@ -18,8 +18,8 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class gallery_Core { - const VERSION = "3.0.6"; - const CODE_NAME = "Rive Gauche"; + const VERSION = "3.0.7"; + const CODE_NAME = "Rive Droite"; const RELEASE_CHANNEL = "release"; const RELEASE_BRANCH = "3.0.x"; 
diff --git a/gallery3/modules/gallery/views/error_admin.html.php b/gallery3/modules/gallery/views/error_admin.html.php index cd1bd56..036e204 100644 --- a/gallery3/modules/gallery/views/error_admin.html.php +++ b/gallery3/modules/gallery/views/error_admin.html.php @@ -289,7 +289,7 @@ <tr> <td class="key"> <code> - <?= $key?> + <?= html::purify($key) ?> </code> </td> <td class="value"> """ --- Henri Salo
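Review bot: in the movies.php hunk, html::purify() is applied only to $movie->title at the one message::success() call in Movies_Controller; the sibling item controllers that save photos and albums are not in this diff, so confirm their equivalent "Saved ... %title" messages were audited as well. A title is plain text, so a plain HTML-escaping helper would be a tighter fit than a purifier, which still lets a whitelist of markup through; if Gallery's html helper provides a strict escape, prefer it at this call site.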
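Review bot: in the error_admin.html.php hunk only `<?= $key?>` is changed to `<?= html::purify($key) ?>`; the matching value cell (`<td class="value">`, the trailing context line) is outside the hunk, and since key and value are rendered from the same error context, confirm the value is escaped the same way. The fix is also applied in this one view rather than where the error data is assembled, so any other view that prints the same keys needs the same treatment.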
Please use CVE-2013-2087 for Gallery multiple XSS vulnerabilities

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRkeF0AAoJEBYNRVNeJnmTBO0QAK1W7UNk1DlNmNqqj6islaVN
ZtMeUgnMeMBH2Kn5AdvR2O6PugqSK+sq2RymnXAuyCn6OlPVgA1o7Wz2AkRX5tyj
fLDMu+pzl4+OPo53wM7v+nhQZ+2VlbBRLHR9j1iny2DM0CFo6HFGS8jCQoITIngb
ZpDUzLn6X1e9sZxAP3CByexYmSog/8MkBOr2+fldCoPC5+n4BmCSHcXKYIqSzCP1
ZH02RVLhsUwBlkYlMs/99OaVof6aDBF0rfrgx2W9xw6azWXcOyg9HWXJPWH6byb8
jN+YjkVeFjM9vc265Zb2z6lj72rdCzWjnw32RX4JqC7luMyCiUwITkYGeLpqrTFc
iSKDYkvXkq7oNfqkEuppI20K4Nz6JvwN5jX5B6LAUInUPp5jjQm4MWZbnclXvJ18
rvCXsbvLK1zjWZR7k/koQoBYnVfJ270cB8xCzMl1XQCac2d6xSvES3REYGMrCNbr
T2N96MFKvg7HFqaAdYNhNVtR4rP44h4P0KBSNF6OonQDnq6Py7FkqpLmESE0jerS
yUEaqnYd/Bv9s6/kYufThf5DsEyHZRiXySuOtDqCWyv385dS6HfUvZzsLQ8e7szg
FOk7vqSo3zT9XxJZO+LM/1D7/dGUL0D3RiSWX/Cm4cuQme7sLxBdiU/QlCix5+nH
yg0wJGjjDW8AydYJeWW4
=WANh
-----END PGP SIGNATURE-----
Current thread:
- CVE request: Gallery multiple XSS vulnerabilities Henri Salo (May 13)
- Re: CVE request: Gallery multiple XSS vulnerabilities Kurt Seifried (May 14)