Your message dated Wed, 08 Feb 2006 13:47:21 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#351946: fixed in gallery 1.5.2-pl2-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gallery
Severity: important
Gallery 1.5.2-pl2 is now available for download. This release fixes
several things:
* A very major data loss issue with the zip download component. If
  a zip file is not successfully created, Gallery 1.5.2 and Gallery
  1.5.2-pl1 will try and delete many more files than they should.
* A very minor security problem where a user with write access to a
  server could create a specially formatted file, coerce someone with
  owner privileges in the Gallery to click on a specially formatted link,
  which could modify stored album data and possibly lead to local code
  execution. We thank Tom Saville (seregon at bughunter dot net) and his
  team from <http://digitalarmaments.com> for reporting this to us and giving
  us time to get a patch out.
We Strongly Recommend all Gallery 1.5.2 users upgrade immediately to
1.5.2-pl2 to avoid losing data on your webserver!
Download Gallery 1.5.2-pl2 from
<http://sf.net/project/showfiles.php?group_id=7130&package_id=7239>
Get all the details at
<http://gallery.menalto.com/gallery_1_5_2_pl2_security_release>
--- End Message ---
--- Begin Message ---
Source: gallery
Source-Version: 1.5.2-pl2-1
We believe that the bug you reported is fixed in the latest version of
gallery, which is due to be installed in the Debian FTP archive:
gallery_1.5.2-pl2-1.diff.gz
to pool/main/g/gallery/gallery_1.5.2-pl2-1.diff.gz
gallery_1.5.2-pl2-1.dsc
to pool/main/g/gallery/gallery_1.5.2-pl2-1.dsc
gallery_1.5.2-pl2-1_all.deb
to pool/main/g/gallery/gallery_1.5.2-pl2-1_all.deb
gallery_1.5.2-pl2.orig.tar.gz
to pool/main/g/gallery/gallery_1.5.2-pl2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael C. Schultheiss <[EMAIL PROTECTED]> (supplier of updated gallery package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 8 Feb 2006 21:00:27 +0000
Source: gallery
Binary: gallery
Architecture: source all
Version: 1.5.2-pl2-1
Distribution: unstable
Urgency: high
Maintainer: Michael C. Schultheiss <[EMAIL PROTECTED]>
Changed-By: Michael C. Schultheiss <[EMAIL PROTECTED]>
Description:
gallery - a web-based photo album written in php
Closes: 351946
Changes:
gallery (1.5.2-pl2-1) unstable; urgency=high
.
* New upstream release (Closes: #351946)
+ Urgency high due to potential dataloss with gallery 1.5.2's zip
download component
Files:
6f8b75f9bd54bc667d7fc5d5a0928dcb 593 web optional gallery_1.5.2-pl2-1.dsc
320498c3471b782cb8dc1e8fd3180466 8050147 web optional gallery_1.5.2-pl2.orig.tar.gz
0fec6e7e067c529fff0c30e3545210d2 16198 web optional gallery_1.5.2-pl2-1.diff.gz
9afa82ad4ab03231155303e952a92c7c 7897992 web optional gallery_1.5.2-pl2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD6mV3yJBzD6P54w4RAmVgAJ9xuaGwY80E5GzYaeXcshWBmVkgUQCeKHLg
RhuQuO4IT/JROYaPF/xebXM=
=EN4s
-----END PGP SIGNATURE-----
--- End Message ---