gallery -- multiple vulnerabilities

2013-06-28T00:00:00
ID 9B037A0D-EF2C-11E2-B4A0-8C705AF55518
Type freebsd
Reporter FreeBSD
Modified 2013-06-28T00:00:00

Description

Red Hat Security Response Team reports:

Gallery upstream has released 3.0.9 version, correcting two security flaws: Issue #1 - Improper stripping of URL fragments in flowplayer SWF file might lead to reply attacks (a different flaw than CVE-2013-2138). Issue #2 - gallery3: Multiple information exposure flaws in data rest core module.