oss-sec mailing list archives

Re: CVE request: phpbb before 3.0.5

From: Josh Bressers <bressers () redhat com>
Date: Tue, 19 Jan 2010 14:45:52 -0500 (EST)

I'm going to leave this one to MITRE. It's much bigger than a breadbasket
to sort through the list of things fixed, which I don't have time to do.

Sorry.

-- 
    JB


----- "Hanno Böck" <hanno () hboeck de> wrote:

See:
http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445
"This release fixes numerous bugs since the 3.0.4 release, corrects
style 
issues, fixing one very minor security bug as well as increasing
performance 
and scalability again."
# [Sec] Only use forum id supplied for posting if global announcement

detected. (Reported by nickvergessen)


Also please note that the last time I requested CVEs for phpbb, they
never got 
assigned:
http://seclists.org/oss-sec/2009/q1/104

cu,

-- 
Hanno Böck            Blog:           http://www.hboeck.de/
GPG: 3DBD3B20         Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting

Current thread:

CVE request: phpbb before 3.0.5 Hanno Böck (Jan 16)
- Re: CVE request: phpbb before 3.0.5 Josh Bressers (Jan 19)