Bug 462872

Summary: CVE-2008-3662 gallery2 session hijacking vulnerability [F9]
Product: [Fedora] Fedora Reporter: Josh Bressers <bressers>
Component: gallery2Assignee: John Berninger <john>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 9CC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-12-13 15:07:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 462870, 462883, 462885    

Description Josh Bressers 2008-09-19 13:09:39 UTC 
F9 tracking bug: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.

NOTE THIS ISSUE IS CURRENTLY EMBARGOED, DO NOT MAKE PUBLIC COMMITS OR COMMENTS ABOUT THIS ISSUE.

[bug automatically created by: add-tracking-bugs]
Comment 1 Josh Bressers 2008-09-19 13:09:44 UTC 
You can eventually use the following link to create the update request: 
https://admin.fedoraproject.org/updates/new/request=Stabletype=securityrelease=Fedora%209&bugs=462872
Comment 2 Tomas Hoger 2008-09-29 08:40:24 UTC 
Correct update link should be:

https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%25209&bugs=462872,462870,462883,462885
Comment 3 Tomas Hoger 2008-09-29 08:42:04 UTC 
Correction of my previous correction:

https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%209&bugs=462872,462870,462883,462885
Comment 4 Fedora Update System 2008-12-13 15:07:47 UTC 
gallery2-2.3-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.