[Secure-testing-team] phpbb, CVE-2005-3799: not vulnerable
Moritz Muehlenhoff
jmm at inutil.org
Wed Nov 30 11:45:21 UTC 2005
Thijs Kinkhorst wrote:
> This is just a quick note that Debian is not vulnerable to
> CVE-2005-3799, "phpBB 2.0.18 allows remote attackers to obtain sensitive
> information via a large SQL query", since this is a path disclosure
> vulnerability.
Thanks for the notice, we already assumed it being a non-issue:
| CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...)
| - phpbb2 <unfixed> (unimportant)
| NOTE: Not a real security problem, error messages might disclose the installation
| NOTE: which is known for the Debian package anyway
Cheers,
Moritz
More information about the Secure-testing-team
mailing list