Author: jmm-guest Date: 2005-08-28 18:35:35 +0000 (Sun, 28 Aug 2005) New Revision: 1699 Modified: data/CAN/list Log: gallery fixed, fixes another gallery vuln as well Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-08-28 17:41:34 UTC (rev 1698) +++ data/CAN/list 2005-08-28 18:35:35 UTC (rev 1699) @@ -1,7 +1,7 @@ CAN-2005-XXXX [Insecure tempfile usage in tleds] - tleds 1.05beta10-9 (bug# 276789; low) CAN-2005-XXXX [XSS in gallery''s EXIF handling] - - gallery (unfixed; bug #325285; medium) + - gallery 1.5-2 (bug #325285; medium) - gallery2 (unfixed; bug #325285; medium) CAN-2005-2693 [cvs: cvsbug temporary file bug] NOTE: not shipped in binary package @@ -413,7 +413,7 @@ CAN-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...) NOTE: not-for-us (AOL Client) CAN-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...) - NOTE: not-for-us (Gallery, as used in Postnuke) + - gallery 1.5-2 (medium) CAN-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...) NOTE: not-for-us (Dada Mail) CAN-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
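Review bot: In the first hunk (@@ -1,7 +1,7 @@), the gallery line is now marked fixed in 1.5-2 while the gallery2 line directly below it stays "unfixed" under the same bug #325285. If that bug is closed along with the gallery fix, gallery2 loses its open tracking reference. Consider a separate bug for gallery2, or a NOTE line under this entry saying that #325285 is still open for gallery2.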
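Review bot: In the second hunk (@@ -413,7 +413,7 @@), the new line "- gallery 1.5-2 (medium)" for CAN-2005-2596 carries no bug reference, unlike the gallery entry in the first hunk, and it replaces "NOTE: not-for-us (Gallery, as used in Postnuke)" without recording why the earlier assessment changed. The log message only says "fixes another gallery vuln as well". Add a NOTE line stating that the packaged gallery is affected by the User.php issue and where the fix is documented (a bug number or changelog entry), so the reclassification can be checked later.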