Package: phpbb2 Severity: grave Tags: security Justification: user security hole
[Cc:ing security@ as Sarge is affected as well] phpbb 2.0.16 fixes a security issue due to inproper escaping of the $highlight_match variable in viewtopic.php. Upstream developers classify it as critical and provide something that has a close resemblance of a patch: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=302011 Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-rc5 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
