Red Hat Bugzilla – Bug 812045
CVE-2012-1113 CVE-2012-2405 gallery: XSS flaws in administration area and encryption-related flaws
Last modified: 2016-03-04 06:26:57 EST
It was reported that some low-risk XSS flaws that are limited to the administration area were found in Gallery 3.x and 2.x. In addition, some unspecified possible encryption-related flaws were also reported. These issues have been corrected in Gallery 2.3.2 and 3.0.3.
Created gallery2 tracking bugs for this issue
Affects: fedora-all [bug 812048]
Affects: epel-5 [bug 812050]
Created gallery3 tracking bugs for this issue
Affects: fedora-rawhide [bug 812049]
(In reply to comment #0)
> In addition, some unspecified possible encryption-related flaws were also reported.
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2405 to these encryption-related flaws with the following description:
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
This is fixed in:
gallery2-2.3.2-1.fc15 (Fedora 15)
gallery3-3.0.3-1.fc16 (Fedora 16)
gallery3-3.0.3-1.fc17 (Fedora 17)