Candidate: CVE-2008-4129
PublicDate: 2008-09-18 20:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129
Description:
 Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP
 archives containing symbolic links, which allows remote authenticated users
 to conduct directory traversal attacks and read arbitrary files via vectors
 related to the archive upload (aka zip upload) functionality.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_gallery2:
upstream_gallery2: released (2.2.6)
dapper_gallery2: ignored (reached end-of-life)
feisty_gallery2: needed (reached end-of-life)
gutsy_gallery2: needed (reached end-of-life)
hardy_gallery2: ignored (reached end-of-life)
intrepid_gallery2: not-affected (2.2.6-1)
jaunty_gallery2: not-affected (2.2.6-1)
karmic_gallery2: not-affected (2.2.6-1)
lucid_gallery2: not-affected (2.2.6-1)
maverick_gallery2: not-affected (2.2.6-1)
natty_gallery2: not-affected (2.2.6-1)
oneiric_gallery2: not-affected (2.2.6-1)
devel_gallery2: not-affected (2.2.6-1)

Patches_gallery:
upstream_gallery: released (1.5.9)
dapper_gallery: ignored (reached end-of-life)
feisty_gallery: needed (reached end-of-life)
gutsy_gallery: needed (reached end-of-life)
hardy_gallery: ignored (reached end-of-life)
intrepid_gallery: needed (reached end-of-life)
jaunty_gallery: not-affected (1.5.9-1.2ubuntu1)
karmic_gallery: not-affected (1.5.9-1.2ubuntu1)
lucid_gallery: not-affected (1.5.9-1.2ubuntu1)
maverick_gallery: not-affected (1.5.9-1.2ubuntu1)
natty_gallery: not-affected (1.5.9-1.2ubuntu1)
oneiric_gallery: not-affected (1.5.9-1.2ubuntu1)
devel_gallery: not-affected (1.5.9-1.2ubuntu1)