Package: phpbb2 Severity: grave Justification: user security hole [Upstream's description is not overly verbose; they intent to release full details in five days; please lower severity if you don't think it's grave]
phpbb2 2.0.15 has been released and addresses a security issue, which upstream describes as "serious". I'm not familiar with phpbb2, but it looks like missing input sanitization in the bbcode code. There's something, what seems to be a patch in the PHP world, in this forum message: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194 Cheers, Moritz -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.29-vs1.2.10 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
