On Mon, May 09, 2005 at 08:13:46AM +0200, Moritz Muehlenhoff wrote:
> Package: phpbb2
> Severity: grave
> Justification: user security hole
>
> [Upstream's description is not overly verbose; they intend to release
> full details in five days; please lower severity if you don't think
> it's grave]
>
> phpbb2 2.0.15 has been released and addresses a security issue, which
> upstream describes as "serious". I'm not familiar with phpbb2, but it
> looks like missing input sanitization in the bbcode code.

Yeah, I read about it yesterday (was away for a few days) -- thanks for
reporting. I didn't yet look into it completely, looks like XSS to me.

> There's something, what seems to be a patch in the PHP world, in this
> forum message:
> http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194

Only phpbb manages to produce this kind of insane manual patches... :(

--Jeroen

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl