oss-sec mailing list archives

Re: CVE request: phpbb 3.0.7 and before 3.0.5


From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 18 May 2010 13:39:37 -0400 (EDT)


On Tue, 18 May 2010, Josh Bressers wrote:

> # [Sec] Only use forum id supplied for posting if global announcement
> detected. (Reported by nickvergessen)
>
> I don't understand what this means. Do you have more information?

I don't know what it means either. Another part of daily life in CVE. However, the announcement comes from the vendor so we will ultimately call it an unspecified vuln with unknown impact and attack vectors related to "forum id" and "global announcement" or some equally useless description.

So this could use a CVE, too. At worst it's a signal to consumers that they need to patch, even if the developer isn't clearly explaining why.

Not much different than your typical Linux kernel bug, actually :-/

- Steve

