Re: CVE request: Gallery multiple XSS vulnerabilities

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/13/2013 01:28 AM, Henri Salo wrote:
> Hello,
>
> Two XSS vulnerabilities have been fixed in gallery 3.0.7.
>
> http://osvdb.org/92691 http://osvdb.org/92740
>
> One CVE-2013-XXXX is enough as these are fixed in the same version
> and same issue type.
>
> If I am correct: http://osvdb.org/92789 should be removed as
> duplicate of http://osvdb.org/92691 http://osvdb.org/92690 should
> be removed as duplicate of http://osvdb.org/92740
>
> Please ask if you have questions.
>
> Diff between 3.0.6 - 3.0.7 below:
>
> """ git diff aa89aa0dc1610931674530169be8fd1edfceafde
> df9a412c5a18414ec52550e04f9672693f06421f diff --git
> a/gallery3/README b/gallery3/README index 7c58b69..18a2663 100644 
> --- a/gallery3/README +++ b/gallery3/README @@ -1,4 +1,4 @@ 
> -Gallery 3.0.6 (Rive Gauche) +Gallery 3.0.7 (Rive Droite) 
> ===========================
>
> About diff --git a/gallery3/modules/gallery/controllers/movies.php
> b/gallery3/modules/gallery/controllers/movies.php index
> ca332f6..5607571 100644 ---
> a/gallery3/modules/gallery/controllers/movies.php +++
> b/gallery3/modules/gallery/controllers/movies.php @@ -67,7 +67,7 @@
> class Movies_Controller extends Items_Controller {
>
> log::success("content", "Updated movie", "<a
> href=\"{$movie->url()}\">view</a>"); message::success( -
> t("Saved movie %movie_title", array("movie_title" =>
> $movie->title))); +        t("Saved movie %movie_title",
> array("movie_title" => html::purify($movie->title))));
>
> if ($form->from_id->value == $movie->id) { // Use the new url; it
> might have changed. diff --git
> a/gallery3/modules/gallery/helpers/gallery.php
> b/gallery3/modules/gallery/helpers/gallery.php index
> f3382fa..81f406d 100644 ---
> a/gallery3/modules/gallery/helpers/gallery.php +++
> b/gallery3/modules/gallery/helpers/gallery.php @@ -18,8 +18,8 @@ *
> Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
> 02110-1301, USA. */ class gallery_Core { -  const VERSION =
> "3.0.6"; -  const CODE_NAME = "Rive Gauche"; +  const VERSION =
> "3.0.7"; +  const CODE_NAME = "Rive Droite"; const RELEASE_CHANNEL
> = "release"; const RELEASE_BRANCH = "3.0.x";
>
> diff --git a/gallery3/modules/gallery/views/error_admin.html.php
> b/gallery3/modules/gallery/views/error_admin.html.php index
> cd1bd56..036e204 100644 ---
> a/gallery3/modules/gallery/views/error_admin.html.php +++
> b/gallery3/modules/gallery/views/error_admin.html.php @@ -289,7
> +289,7 @@ <tr> <td class="key"> <code> -                    <?=
> $key?> +                    <?= html::purify($key) ?> </code> 
> </td> <td class="value"> """
>
> --- Henri Salo

Please use CVE-2013-2087 for Gallery multiple XSS vulnerabilities

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRkeF0AAoJEBYNRVNeJnmTBO0QAK1W7UNk1DlNmNqqj6islaVN
ZtMeUgnMeMBH2Kn5AdvR2O6PugqSK+sq2RymnXAuyCn6OlPVgA1o7Wz2AkRX5tyj
fLDMu+pzl4+OPo53wM7v+nhQZ+2VlbBRLHR9j1iny2DM0CFo6HFGS8jCQoITIngb
ZpDUzLn6X1e9sZxAP3CByexYmSog/8MkBOr2+fldCoPC5+n4BmCSHcXKYIqSzCP1
ZH02RVLhsUwBlkYlMs/99OaVof6aDBF0rfrgx2W9xw6azWXcOyg9HWXJPWH6byb8
jN+YjkVeFjM9vc265Zb2z6lj72rdCzWjnw32RX4JqC7luMyCiUwITkYGeLpqrTFc
iSKDYkvXkq7oNfqkEuppI20K4Nz6JvwN5jX5B6LAUInUPp5jjQm4MWZbnclXvJ18
rvCXsbvLK1zjWZR7k/koQoBYnVfJ270cB8xCzMl1XQCac2d6xSvES3REYGMrCNbr
T2N96MFKvg7HFqaAdYNhNVtR4rP44h4P0KBSNF6OonQDnq6Py7FkqpLmESE0jerS
yUEaqnYd/Bv9s6/kYufThf5DsEyHZRiXySuOtDqCWyv385dS6HfUvZzsLQ8e7szg
FOk7vqSo3zT9XxJZO+LM/1D7/dGUL0D3RiSWX/Cm4cuQme7sLxBdiU/QlCix5+nH
yg0wJGjjDW8AydYJeWW4
=WANh
-----END PGP SIGNATURE-----