Gallery 2.0.3 Security Fix Release
http://gallery.menalto.com/gallery_2.0.3_released
This release adds no new features. It fixes a minor XSS exploit and an exploit in the session code that could allow users to remotely delete session files.
State Changed From-To: open->feedback
Awaiting maintainer's feedback
This change looks good to me.
This PR is now out of date. Gallery 2.0.4 has been released, which contains security fixes. Here is the diff to apply that version: --- gallery2-2.0.4.patch begins here --- Index: Makefile =================================================================== RCS file: /home/freebsd/cvsroot/ports/www/gallery2/Makefile,v retrieving revision 1.44 diff -u -u -r1.44 Makefile --- Makefile 8 Feb 2006 16:03:05 -0000 1.44 +++ Makefile 11 Mar 2006 18:00:38 -0000 @@ -6,11 +6,11 @@ # PORTNAME= gallery2 -PORTVERSION= 2.0.2 +PORTVERSION= 2.0.4 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= gallery -DISTNAME= gallery-2.0.2-full +DISTNAME= gallery-2.0.4-full DIST_SUBDIR= gallery2 MAINTAINER= freebsd-ports@varju.ca Index: distinfo =================================================================== RCS file: /home/freebsd/cvsroot/ports/www/gallery2/distinfo,v retrieving revision 1.33 diff -u -u -r1.33 distinfo --- distinfo 24 Jan 2006 03:13:08 -0000 1.33 +++ distinfo 11 Mar 2006 18:00:59 -0000 @@ -1,3 +1,3 @@ -MD5 (gallery2/gallery-2.0.2-full.tar.gz) = b833b195d1713745b97be0abfec221f6 -SHA256 (gallery2/gallery-2.0.2-full.tar.gz) = d18916b5300f47b69fb941da5591ab986a673f4ef1148a6a2aa0f922d1b6f564 -SIZE (gallery2/gallery-2.0.2-full.tar.gz) = 5426443 +MD5 (gallery2/gallery-2.0.4-full.tar.gz) = 6e178785f0c35cb4d871241bb56740a8 +SHA256 (gallery2/gallery-2.0.4-full.tar.gz) = a6ffc904c1cd0971e4eee1a0d298b533790047aa579f51b672c43224cfec34ba +SIZE (gallery2/gallery-2.0.4-full.tar.gz) = 5427163 --- gallery2-2.0.4.patch ends here ---
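Review bot: In the Makefile hunk, DISTNAME repeats the version literal that PORTVERSION already carries (`DISTNAME= gallery-2.0.4-full`), so each update has to change two lines in step and a missed one fetches the wrong distfile. Consider `DISTNAME= gallery-${PORTVERSION}-full`, which reduces the next security bump to the PORTVERSION line plus distinfo.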
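Review bot: In the distinfo hunk, the new MD5 and SHA256 values for gallery-2.0.4-full.tar.gz cannot be confirmed from the diff itself. Before committing, regenerate them with `make makesum` against a fresh fetch from MASTER_SITE_SOURCEFORGE and check that the result matches the submitted hashes and the SIZE of 5427163, since these lines are what every later build trusts for this security update.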
State Changed From-To: feedback->closed
Upgraded to 2.1 (by ports/94971). Thanks!