Thijs Kinkhorst
2006-Mar-13 12:28 UTC
[Secure-testing-team] phpBB 2.0.19 released, Debian appears not vulnerable
Package: phpbb2
Severity: wishlist

Hello all,

The phpBB authors have released 2.0.19 today which lists the following issues labeled as security:

1 * [Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode
2 * [Sec] fixed XSS issue (only valid for Internet Explorer) if html tags are allowed and enabled
3 * [Sec] added configurable maximum login attempts to prevent dictionary attacks

1) has already been fixed in Debian because we applied a smarter fix for a previous problem with that same code.
2) has been reported to us under #344674 and we decided not to handle this as a security vulnerability.
3) is a security feature, not a vulnerability.

We will be preparing an upload for unstable of course so issues 2 and 3 will be fixed there. I don't think an advisory is warranted at this time. I'm adding this to the BTS to keep track of uploading the new version to sid.

bye,
Thijs