Your message dated Thu, 02 Mar 2006 16:02:23 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#355009: fixed in gallery2 2.0.3-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gallery2
Severity: important
Gallery 2.0.3 is now available for download. This release adds no new
features. It fixes a minor XSS exploit and an exploit in the session
code that could allow users to remotely delete session files. These
security flaws were discovered during an independent audit by James
Bercegay from GulfTech Security Research who reported them to us and
worked with us to provide an appropriate solution. There are no known
exploits of these flaws in the wild. However, we strongly recommend that
you upgrade to version 2.0.3 as soon as possible. Please follow our
upgrading instructions and download and install the latest release.
--- End Message ---
--- Begin Message ---
Source: gallery2
Source-Version: 2.0.3-1
We believe that the bug you reported is fixed in the latest version of
gallery2, which is due to be installed in the Debian FTP archive:
gallery2_2.0.3-1.diff.gz
  to pool/main/g/gallery2/gallery2_2.0.3-1.diff.gz
gallery2_2.0.3-1.dsc
  to pool/main/g/gallery2/gallery2_2.0.3-1.dsc
gallery2_2.0.3-1_all.deb
  to pool/main/g/gallery2/gallery2_2.0.3-1_all.deb
gallery2_2.0.3.orig.tar.gz
  to pool/main/g/gallery2/gallery2_2.0.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael C. Schultheiss <[EMAIL PROTECTED]> (supplier of updated gallery2
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 2 Mar 2006 17:52:34 +0000
Source: gallery2
Binary: gallery2
Architecture: source all
Version: 2.0.3-1
Distribution: unstable
Urgency: high
Maintainer: Michael C. Schultheiss <[EMAIL PROTECTED]>
Changed-By: Michael C. Schultheiss <[EMAIL PROTECTED]>
Description:
 gallery2 - web-based photo album written in PHP
Closes: 341088 355009
Changes:
 gallery2 (2.0.3-1) unstable; urgency=high
 .
   * New upstream release (Closes: #355009)
     + Urgency high due to security issues
       - Fixes minor XSS issue
       - Fixes session code issue that could allow users to remotely delete
         session files
   * l10n update:
     + Add Basque translation of debconf templates (Thanks to
       Piarres Beobide. Closes: #341088)
   * debian/rules: Bump DH_COMPAT to level 5
Files:
 7a1ab5706a13db4dc8e2af482d1e31ff 585 web optional gallery2_2.0.3-1.dsc
 a0af02fe79e06371c9fd5cd29d462b8a 6666118 web optional gallery2_2.0.3.orig.tar.gz
 f144defedebd7b8dd234e478cff48d65 11324 web optional gallery2_2.0.3-1.diff.gz
 4531a1f81db5fcecf6b4e371b9bb3b76 6739664 web optional gallery2_2.0.3-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEBzlNyJBzD6P54w4RAl6IAJ9bva+BPwEzDPJpE+ZqdzKMwnQfeACffiex
G8oE4Zd2mZau1ZmnRsdgjSg=
=Wwls
-----END PGP SIGNATURE-----
--- End Message ---