Hello Moritz,

Thanks for your report. We were given notice about this but couldn't reproduce the mentioned bug in our current phpbb2 Debian versions.

On Tue, June 28, 2005 11:16, Moritz Muehlenhoff wrote:
> [Cc:ing security@ as Sarge is affected as well]

Can you clarify: have you verified that sarge is affected, or is that based on the version number?

> phpbb 2.0.16 fixes a security issue due to improper escaping of the
> $highlight_match variable in viewtopic.php.
>
> Upstream developers classify it as critical and provide something that
> has a close resemblance of a patch:
> http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=302011

That phpbb-style "patch" is not that clear but as far as I can tell, it does an addslashes() on $highlight_match.

The patch seems to make sense: if you put the words straight into the regexp you can manipulate that at will, and the addslashes prevents that. However, I haven't been able to reproduce it (so we can test whether the problem is actually solved by this).

He who has a testcase, please speak up now!

regards
Thijs