Your message dated Wed, 26 Jan 2005 10:17:14 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#292351: fixed in gallery 1.4.4-pl5-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jan 2005 14:11:28 +0000
>From [EMAIL PROTECTED] Wed Jan 26 06:11:28 2005
Return-path: <[EMAIL PROTECTED]>
Received: from tanzanite.amellus.net (mx1.amellus.net) [205.209.133.80]
(postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CtntI-0003NX-00; Wed, 26 Jan 2005 06:11:28 -0800
Received: from cartman.hq.amellus.com (pcp969536pcs.lwrnce01.in.comcast.net
[68.58.139.203])
by mx1.amellus.net (Postfix) with ESMTP id A73491DC077
for <[EMAIL PROTECTED]>; Wed, 26 Jan 2005 07:14:38 -0700 (MST)
Received: by cartman.hq.amellus.com (Postfix, from userid 1000)
id 10C43808A; Wed, 26 Jan 2005 09:10:26 -0500 (EST)
Date: Wed, 26 Jan 2005 09:10:25 -0500
From: Michael Schultheiss <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: gallery: New upstream version available - 1.4.4-pl5
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
Package: gallery
Version: unavailable; reported 2005-01-26
Severity: wishlist

Several days ago, Rafel Ivgi informed the developers of Gallery of a
possible cross site scripting (definition:
http://en.wikipedia.org/wiki/Cross_site_scripting) problem in current
versions of Gallery. The problem and some similar problems discovered by
our team have been addressed in Gallery 2 CVS as well as in this release
of 1.4.4-pl5.

As with most other cross site scripting problems, no risk is posed to
the webserver itself or any non-Gallery data, but a Gallery install
could be compromised using appropriate code.

In addition to the security fix, Gallery 1.4.4-pl5 uses the proper
parameters for new versions of ImageMagick and fixes some small issues
with PHP 5.

All Gallery users are strongly urged to upgrade to 1.4.4-pl5
immediately, which fixes this problem and will secure your system.
---------------------------------------
Received: (at 292351-close) by bugs.debian.org; 26 Jan 2005 15:23:02 +0000
>From [EMAIL PROTECTED] Wed Jan 26 07:23:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Ctp0Y-000705-00; Wed, 26 Jan 2005 07:23:02 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1Ctouw-000549-00; Wed, 26 Jan 2005 10:17:14 -0500
From: [EMAIL PROTECTED] (Michael C. Schultheiss)
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#292351: fixed in gallery 1.4.4-pl5-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 26 Jan 2005 10:17:14 -0500
Delivered-To: [EMAIL PROTECTED]
Source: gallery
Source-Version: 1.4.4-pl5-1

We believe that the bug you reported is fixed in the latest version of
gallery, which is due to be installed in the Debian FTP archive:

gallery_1.4.4-pl5-1.diff.gz
  to pool/main/g/gallery/gallery_1.4.4-pl5-1.diff.gz
gallery_1.4.4-pl5-1.dsc
  to pool/main/g/gallery/gallery_1.4.4-pl5-1.dsc
gallery_1.4.4-pl5-1_all.deb
  to pool/main/g/gallery/gallery_1.4.4-pl5-1_all.deb
gallery_1.4.4-pl5.orig.tar.gz
  to pool/main/g/gallery/gallery_1.4.4-pl5.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael C. Schultheiss <[EMAIL PROTECTED]> (supplier of updated gallery package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 26 Jan 2005 14:28:11 +0000
Source: gallery
Binary: gallery
Architecture: source all
Version: 1.4.4-pl5-1
Distribution: unstable
Urgency: high
Maintainer: Michael C. Schultheiss <[EMAIL PROTECTED]>
Changed-By: Michael C. Schultheiss <[EMAIL PROTECTED]>
Description:
 gallery - a web-based photo album written in php
Closes: 290367 292351
Changes:
 gallery (1.4.4-pl5-1) unstable; urgency=high
 .
   * New upstream release - urgency high due to XSS security
     fixes (Closes: #292351)
   * debian/control: Add php5 packages to php dependency
     possibilities (Closes: #290367)
   * write.inc: Give full path to secure.sh
Files:
 9c63ecfe82c99a0299cd2d84b1152390 595 web optional gallery_1.4.4-pl5-1.dsc
 dc462c821c1a743e82b9354d6ed532a2 5801833 web optional gallery_1.4.4-pl5.orig.tar.gz
 26e7c78fc4622940f7f49684d39e5ccc 14638 web optional gallery_1.4.4-pl5-1.diff.gz
 1e6f1ce04d141cf463be30aba91fa901 5752200 web optional gallery_1.4.4-pl5-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB967ayJBzD6P54w4RAsOWAJ9c//qP/Ojo0wc8j9aLerGEVicdywCggVMM
PHyrnqCsX8BPz5URcSPp60I=
=YVum
-----END PGP SIGNATURE-----