[Secure-testing-team] Re: Bug#402140: SA23283: phpbb2:
privmsg.php Cross-Site Request Forgery and Cross-Site Scripting
Stefan Fritsch
sf at sfritsch.de
Tue Dec 19 20:52:15 CET 2006
On Tuesday 19 December 2006 01:23, Thijs Kinkhorst wrote:
> The second one ( CVE-2006-6421 ) is simple XSS and the patch is
> trivial. I've extracted it from upstream and applied it in our
> package repository. Consider it "pending".
>
> Sarge is NOT vulnerable to this item; please mark it as such.
> Thanks.
Done.
Cheers,
Stefan
More information about the Secure-testing-team
mailing list