Package: gallery2 Severity: high We're releasing both Gallery 3.0.3 and Gallery 2.3.2 as security releases. Several researchers, working independently, discovered possible encryption-related vulnerabilities. Low-risk XSS vulnerabilities limited to the administration area were also reported. We thank the following individuals for reporting these issues: James 'albino' Kettle, George Argyros & Aggelos Kiayias, and Emanuel Bronshtein. The CVE id for these issues is CVE-2012-1113.
We recommend that all users of Gallery 2 and Gallery 3 upgrade as soon as possible. For complete details on this release including what changed, please refer to the official news story: http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
