oss-security - Re: CVE request: phpbb before 3.0.5

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <998181689.222641263930352704.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Tue, 19 Jan 2010 14:45:52 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: phpbb before 3.0.5

I'm going to leave this one to MITRE. It's much bigger than a breadbasket
to sort through the list of things fixed, which I don't have time to do.

Sorry.

-- 
    JB


----- "Hanno Böck" <hanno@...eck.de> wrote:

> See:
> http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445
> "This release fixes numerous bugs since the 3.0.4 release, corrects
> style 
> issues, fixing one very minor security bug as well as increasing
> performance 
> and scalability again."
> # [Sec] Only use forum id supplied for posting if global announcement
> 
> detected. (Reported by nickvergessen)
> 
> 
> Also please note that the last time I requested CVEs for phpbb, they
> never got 
> assigned:
> http://seclists.org/oss-sec/2009/q1/104
> 
> cu,
> 
> -- 
> Hanno Böck		Blog:		http://www.hboeck.de/
> GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de
> 
> http://schokokeks.org - professional webhosting

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.