Red Hat Bugzilla – Bug 833188
gallery: 3.0.4 fixes numerous security flaws
Last modified: 2012-07-09 21:12:13 EDT
Gallery 3.0.4 was released with the following release notes:
After several extensive internal and external security audits which discovered 22 distinct vulnerabilities, we are releasing Gallery 3.0.4 as a security release. All of the issues require that someone with malicious intent either have an account with edit permissions, or trick a user with edit permissions into clicking on a malicious link. In most cases, this can only lead to a possible XSS vulnerability, but in several instances it allows arbitrary PHP code execution.
Created gallery3 tracking bugs for this issue
Affects: fedora-all [bug 833189]
Affects: epel-6 [bug 833190]