Moritz Muehlenhoff
2006-Mar-13 12:28 UTC
[Secure-testing-team] phpbb, CVE-2005-3799: not vulnerable
Thijs Kinkhorst wrote:> This is just a quick note that Debian is not vulnerable to > CVE-2005-3799, "phpBB 2.0.18 allows remote attackers to obtain sensitive > information via a large SQL query", since this is a path disclosure > vulnerability.Thanks for the notice, we already assumed it being a non-issue: | CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...) | - phpbb2 <unfixed> (unimportant) | NOTE: Not a real security problem, error messages might disclose the installation | NOTE: which is known for the Debian package anyway Cheers, Moritz
Martin Schulze
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: phpbb, CVE-2005-3799: not vulnerable
Thijs Kinkhorst wrote:> Hey people, > > This is just a quick note that Debian is not vulnerable to > CVE-2005-3799, "phpBB 2.0.18 allows remote attackers to obtain sensitive > information via a large SQL query", since this is a path disclosure > vulnerability. > > We''re working on fixing phpbb for sarge for the other issues at the > moment.Thanks. Regards, Joey -- Have you ever noticed that "General Public Licence" contains the word "Pub"?
Thijs Kinkhorst
2006-Mar-13 12:28 UTC
[Secure-testing-team] phpbb, CVE-2005-3799: not vulnerable
Hey people, This is just a quick note that Debian is not vulnerable to CVE-2005-3799, "phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query", since this is a path disclosure vulnerability. We''re working on fixing phpbb for sarge for the other issues at the moment. regards, Thijs -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20051130/b74913b4/attachment.pgp