-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 4 Jan 2004 16:30:00 -0100 Source: gallery Binary: gallery Architecture: source all Version: 1.2.5-8woody3 Distribution: stable-security Urgency: high Maintainer: Adam Lazur <zal@debian.org> Changed-By: Uli Martens <uli@youam.net> Description: gallery - a web-based photo album written in php Changes: gallery (1.2.5-8woody3) stable-security; urgency=high . * Non-maintainer upload for the Security Team * Fix cross-site scripting vulnerability in include parameter [index.php, CAN-2004-1106] * Added dbhost and GLOBALS to sensitive list [init.php, CAN] * Check for imported variables via $_REQUEST and $_FILES as well [init.php, CVE-NOMATCH] Files: f789c8198ba2b859cfb5cca31aaf6dcd 573 web optional gallery_1.2.5-8woody3.dsc 6acd9ee257ddad8c2ffa568b5540e9fe 7908 web optional gallery_1.2.5-8woody3.diff.gz 3527d050800873dc990c1d002478aa7e 133126 web optional gallery_1.2.5-8woody3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB62QkW5ql+IAeqTIRAo72AJ46MJ0n2c2DtWGJlErg1TT3CJkBpACeKzkb K1mMK+ZImuSNxhbJTy0eN0M= =Enlv -----END PGP SIGNATURE----- Accepted: gallery_1.2.5-8woody3.diff.gz to pool/main/g/gallery/gallery_1.2.5-8woody3.diff.gz gallery_1.2.5-8woody3.dsc to pool/main/g/gallery/gallery_1.2.5-8woody3.dsc gallery_1.2.5-8woody3_all.deb to pool/main/g/gallery/gallery_1.2.5-8woody3_all.deb -- To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org