It was reported [1] that some low-risk XSS flaws that are limited to the administration area were found in Gallery 3.x and 2.x. In addition, some unspecified possible encryption-related flaws were also reported. These issues have been corrected in Gallery 2.3.2 and 3.0.3.
[1] http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2
Created gallery2 tracking bugs for this issue
Affects: fedora-all [bug 812048]
Affects: epel-5 [bug 812050]
Created gallery3 tracking bugs for this issue
Affects: fedora-rawhide [bug 812049]
(In reply to comment #0)
> In addition, some unspecified possible encryption-related flaws were also reported.
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2405 to these encryption-related flaws with the following description:
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2405
http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2
https://bugzilla.redhat.com/show_bug.cgi?id=812045
This is fixed in:
gallery2-2.3.2-1.el5 (EPEL5)
gallery3-3.0.3-1.el6 (EPEL6)
gallery2-2.3.2-1.fc15 (Fedora 15)
gallery3-3.0.3-1.fc16 (Fedora 16)
gallery3-3.0.3-1.fc17 (Fedora 17)