CVE-2013-2138

Publication date 10 October 2013

Last updated 24 July 2024


Ubuntu priority

The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a replay attack.

Read the notes from the security team

Status

Package Ubuntu Release Status
gallery 13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid
Not affected
gallery2 13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid
Not affected

Notes


seth-arnold

our versions of gallery and gallery2 do not have the swf files, and other packages with uploadify don't appear to have the same issue on first inspection