CVE-2008-4129
Published: 18 September 2008
Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gallery Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Ignored
(end of life, was needed)
|
|
| jaunty |
Not vulnerable
(1.5.9-1.2ubuntu1)
|
|
| karmic |
Not vulnerable
(1.5.9-1.2ubuntu1)
|
|
| lucid |
Not vulnerable
(1.5.9-1.2ubuntu1)
|
|
| maverick |
Not vulnerable
(1.5.9-1.2ubuntu1)
|
|
| natty |
Not vulnerable
(1.5.9-1.2ubuntu1)
|
|
| oneiric |
Not vulnerable
(1.5.9-1.2ubuntu1)
|
|
| upstream |
Released
(1.5.9)
|
|
|
gallery2 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Ignored
(end of life)
|
|
| intrepid |
Not vulnerable
(2.2.6-1)
|
|
| jaunty |
Not vulnerable
(2.2.6-1)
|
|
| karmic |
Not vulnerable
(2.2.6-1)
|
|
| lucid |
Not vulnerable
(2.2.6-1)
|
|
| maverick |
Not vulnerable
(2.2.6-1)
|
|
| natty |
Not vulnerable
(2.2.6-1)
|
|
| oneiric |
Not vulnerable
(2.2.6-1)
|
|
| upstream |
Released
(2.2.6)
|