From: Jay R. / S. <cry...@co...> - 2004-12-18 02:17:27
|
I haven't read anything to believe that Gallery is specifically effected, since we sanitize all of our user data prior to any serialization, and we never unserialize user data directly, but Andrew's right... Better safe than sorry. Andrew Lindeman wrote: >Gallery uses unserialize(), so it's *probably* affected by the (biggest >of the list) vulnerability. I'd say it's recommended you upgrade to >4.3.10 as soon as is convenient, as there's no reason to take chances. > >--Andrew > >On Fri, 2004-12-17 at 19:01, Jim Popovitch wrote: > > >>What affect, if any, do the recently announced PHP vulnerabilities have >>on Gallery? I am a new gallery user and haven't really dug into the >>code yet, so I'm hoping that someone who better understands Gallery and >>PHP can chime in and let me know their opinion. I am running Gallery >>v1.4.4-pl4. >> >>tia, >> >>-Jim P. >> >> >> >>------------------------------------------------------- >>SF email is sponsored by - The IT Product Guide >>Read honest & candid reviews on hundreds of IT Products from real users. >>Discover which products truly live up to the hype. Start reading now. >>http://productguide.itmanagersjournal.com/ >>__[ g a l l e r y - d e v e l ]_________________________ >> >>[ list info/archive --> http://gallery.sf.net/lists.php ] >>[ gallery info/FAQ/download --> http://gallery.sf.net ] >> >> -- Jay Rossiter http://www.cothlamadh.net/ 503.579.0812 cry...@co... |