Your message dated Thu, 06 Jun 2013 06:48:19 +0000
with message-id <[email protected]>
and subject line Bug#711256: Removed package(s) from unstable
has caused the Debian Bug report #345635,
regarding gallery: Unauthorized Direct Photo Access Possible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
345635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345635
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gallery
Version: 1.5-1sarge1
Severity: important
Normally, accessing photos in a password protected albums require logging in.
If you try to access http://hostname/gallery/album01/aaa, and the album
requires logging in, you are redirected to "Attention" page. But if you
type http://hostname/albums/album01/aaa or http://hostname/albums/album01/
aaa.jpg, you can directly see the picture without logging in.
This problem can be partially fixed by adding something like,
SetEnvIf REFERER "http://hostname"; OK
Order deny,allow
Deny from all
Allow from env=OK
to apache config file. But if you do this you probably can't access
movie files, which are often opened by external programs.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages gallery depends on:
ii apache 1.3.33-6sarge1 versatile, high-performance HTTP s
ii apache-ssl 1.3.33-6sarge1 versatile, high-performance HTTP s
ii debconf 1.4.30.13 Debian configuration management sy
ii netpbm 2:10.0-8sarge2 Graphics conversion tools
ii php4 4:4.3.10-16 server-side, HTML-embedded scripti
-- debconf information:
* gallery/restart: true
* gallery/webserver: apache
--- End Message ---
--- Begin Message ---
Version: 1.5.10.dfsg-1.1+rm
Dear submitter,
as the package gallery has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see http://bugs.debian.org/711256
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Ansgar Burchardt (the ftpmaster behind the curtain)
--- End Message ---
