gallery3-3.0.9-1.fc19 security update
Status: stable
Release: Fedora 19
Update ID: FEDORA-2013-12384
Builds: gallery3-3.0.9-1.fc19 (logs)
Pushed: True
Date Submitted: 2013-07-05 14:33:16
Date Released: 2013-07-05 23:15:08
Submitter: limb
Karma: 0
Stable karma: 3
Unstable karma: -3
Details

Fixes for CVE-2013-2240, CVE-2013-2241.

A security flaw was found in the way the flowplayer SWF file handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to this file: certain URL fragments were not stripped properly when these files were called via direct URL requests. A remote attacker could use this flaw to conduct replay attacks.

Multiple information exposure flaws were found in the way the data rest core module of Gallery version 3 previously restricted access to certain items of the photo album. A remote attacker who is a valid Gallery 3 user could use these flaws to possibly obtain sensitive information (the file, resize or thumb path of the item in question).

Bugs Fixed
981218 - CVE-2013-2138: gallery3 various flaws [fedora-all]
981219 - CVE-2013-2138: gallery3 various flaws [epel-6]
Feedback
bodhi - 2013-07-05 14:33:32
This update has been submitted for testing by limb.
autoqa - 2013-07-05 15:20:23
AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/wdfc (results are informative only)
bodhi - 2013-07-05 15:48:10
This update is currently being pushed to the Fedora 19 testing updates repository.
bodhi - 2013-07-06 00:49:58
This update has been pushed to testing
bodhi - 2013-07-13 10:04:35
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-07-15 12:04:09
This update has been submitted for stable by limb.
autoqa - 2013-07-15 14:17:59
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/wq3j (results are informative only)
bodhi - 2013-07-15 15:46:21
This update is currently being pushed to the Fedora 19 stable updates repository.
bodhi - 2013-07-15 15:53:56
This update is currently being pushed to the Fedora 19 stable updates repository.
bodhi - 2013-07-16 01:37:27
This update has been pushed to stable
