Gallery 1.3.4-p1 security release
Date: Sunday, July 27 @ 22:28:18 CEST
Topic: Security


We received email this morning from Larry Nguyen, an alert and responsible Gallery user who notified us about a cross-site-scripting flaw in Gallery. This security flaw can allow a malicious user to craft a URL that executes Javascript code on your website.

We estimate the security risk of this flaw to be relatively minor, however
we take all security issues very seriously. You can download patch
instructions or a complete version of Gallery including the new changes
from the Gallery download page:



http://sourceforge.net/project/showfiles.php?group_id=7130


For more information on the vulnerability, cross site scripting, and a
simple one-character-change quick fix please read the news story on the
Gallery website:



http://gallery.sourceforge.net/article.php?sid=82




regards,

Gallery Dev Team






This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=398