[Secure-testing-team] phpBB 2.0.19 released, Debian appears not vulnerable

Thijs Kinkhorst kink at squirrelmail.org
Fri Dec 30 19:15:41 UTC 2005


Package: phpbb2
Severity: wishlist

Hello all,

The phpBB authors have released 2.0.19 today which lists the following
issues labeled as security:

1 * [Sec] fixed XSS issue (only valid for Internet Explorer) within the
    url bbcode 
2 * [Sec] fixed XSS issue (only valid for Internet Explorer) if html
    tags are allowed and enabled 
3 * [Sec] added configurable maximum login attempts to prevent
    dictionary attacks

1) has already been fixed in Debian because we applied a smarter fix for
a previous problem with that same code.

2) has been reported to us under #344674 and we decided not to handle
this as a security vulnerability.

3) is a security feature, not a vulnerability.

We will be preparing an upload for unstable of course so issues 2 and 3
will be fixed there. I don't think an advisory is warranted at this
time. I'm adding this to the BTS to keep track of uploading the new
version to sid.


bye,
Thijs