Message-Id: <200901240729.n0O7T9v8099267@www.freebsd.org>
Date: Sat, 24 Jan 2009 07:29:09 GMT
From: Mark Foster <mark@foster.cc>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [vuxml] update for vulnerability in www/phpwebgallery
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: glz@hidden-powers.com

>Number:         130933
>Category:       ports
>Synopsis:       [vuxml] update for vulnerability in www/phpwebgallery
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 24 07:30:05 UTC 2009
>Closed-Date:    Thu Feb 05 15:10:59 UTC 2009
>Last-Modified:  Thu Feb 05 15:10:59 UTC 2009
>Originator:     Mark Foster
>Release:        7.1 RELEASE
>Organization:
Credentia
>Environment:
>Description:

>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="b240c087-2685-4d50-8907-1d871a52eae0">
     <topic>phpwebgallery -- Enhanced Simple PHP Gallery Directory Traversal</topic>
     <affects>
       <package>
         <name>phpwebgallery</name>
         <range><le>1.72</le></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>SANS reports:</p>
         <blockquote cite="http://www.securityfocus.com/bid/33335">
           <p>Enhanced Simple PHP Gallery is a PHP-based photo gallery
             based on Simple PHP Gallery by Paul Griffin. Enhanced Simple PHP
             Gallery is exposed to a directory traversal issue because it fails to
             sufficiently sanitize user-supplied input to the file parameter of
             the comment.php script. Enhanced Simple PHP Gallery version 1.72 is
             affected.</p>
         </blockquote>
       </body>
     </description>
     <references>
      <url>http://www.securityfocus.com/bid/33335</url>
      <bid>33335</bid>
     </references>
     <dates>
       <discovery>2009-01-19</discovery>
       <entry>2009-01-23</entry>
     </dates>
   </vuln>
</vuxml>

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Sat Jan 24 07:30:20 UTC 2009 
State-Changed-Why:  
Awaiting maintainer's feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=130933 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: glz@hidden-powers.com
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/130933: [vuxml] update for vulnerability in www/phpwebgallery
Date: Sat, 24 Jan 2009 07:30:17 UT

 Maintainer of www/phpwebgallery,
 
 Please note that PR ports/130933 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/130933
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Goran Lowkrantz <glz@hidden-powers.com>
To: bug-followup@FreeBSD.org
Cc: Edwin Groothuis <edwin@FreeBSD.org>
Subject: Re: ports/130933: [vuxml] update for vulnerability in
 www/phpwebgallery
Date: Sat, 24 Jan 2009 09:25:55 +0100

 I think the problem is in another PHP Web Gallery, the reference is to 
 <http://quirm.net/2008/10/01/espg-features/> while www-phpwebgallery is 
 from <http://www.phpwebgallery.net/>. They don't seem related as far as I 
 can see.
 
 
 /glz
 
Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Thu Jan 29 23:06:44 UTC 2009 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=130933 
State-Changed-From-To: feedback->closed 
State-Changed-By: miwi 
State-Changed-When: Thu Feb 5 15:10:57 UTC 2009 
State-Changed-Why:  
I agree here with maintainer and close this pr. Thanks for your 
submission. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=130933 
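
Why the package name in the proposed entry mattered, as an added example that is not part of the PR or of any FreeBSD tool: a VuXML entry is matched against installed packages by `<name>` and `<range>` only, so the entry as submitted would flag the www/phpwebgallery port whatever product the `<topic>` text describes. The inventory below is constructed, and the version comparison is a simplifying assumption (dotted numeric versions only).

```python
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}

# The <affects> data from the entry submitted in this PR, closing tags added.
ENTRY = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="b240c087-2685-4d50-8907-1d871a52eae0">
    <topic>phpwebgallery -- Enhanced Simple PHP Gallery Directory Traversal</topic>
    <affects>
      <package>
        <name>phpwebgallery</name>
        <range><le>1.72</le></range>
      </package>
    </affects>
  </vuln>
</vuxml>"""

OPS = {
    "lt": lambda a, b: a < b,
    "le": lambda a, b: a <= b,
    "eq": lambda a, b: a == b,
    "ge": lambda a, b: a >= b,
    "gt": lambda a, b: a > b,
}

def vkey(version):
    # Assumption: dotted numeric versions only (no PORTREVISION/PORTEPOCH).
    return tuple(int(part) for part in version.strip().split("."))

def affected(entry_xml, installed):
    """Return (vid, name, version) for each installed package the entry flags."""
    hits = []
    for vuln in ET.fromstring(entry_xml).findall("v:vuln", NS):
        for pkg in vuln.findall("v:affects/v:package", NS):
            names = {n.text.strip() for n in pkg.findall("v:name", NS)}
            for name, version in installed.items():
                if name not in names:
                    continue  # matching is by package name, never by <topic>
                # Flag if any <range> has every bound satisfied.
                if any(all(OPS[b.tag.split("}")[1]](vkey(version), vkey(b.text))
                           for b in rng)
                       for rng in pkg.findall("v:range", NS)):
                    hits.append((vuln.get("vid"), name, version))
    return hits

# Constructed inventory: package names and versions are sample values.
INSTALLED = {"phpwebgallery": "1.7.2", "example-gallery": "1.72"}

if __name__ == "__main__":
    for vid, name, version in affected(ENTRY, INSTALLED):
        print(f"{name}-{version} flagged by {vid}")
```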
>Unformatted:
