Package: phpbb2
Version: 2.0.21-7
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpbb2.

CVE-2008-4125[0]:
| The search function in phpBB 2.x provides a search_id value that
| leaks the state of PHP's PRNG, which allows remote attackers to
| obtain potentially sensitive information, as demonstrated by a
| cross-application attack against WordPress, a different
| vulnerability than CVE-2006-0632.

This can create security issues in other web applications that run on
the same server.

This issue could also be fixed by modifying php. According to the
announcement, this will be done in the next release of suhosin, but I
am not sure that this will be in time for lenny.

Please also check phpbb3.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4125
    http://security-tracker.debian.net/tracker/CVE-2008-4125
    http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
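Added example (not part of the original report and not phpBB or Debian code): a small Python audit helper for the "please also check phpbb3" step, listing call sites that seed or draw from PHP's interpreter-wide PRNG so each can be reviewed for values that reach the client. The names find_prng_calls and audit_tree are hypothetical, and the PHP sample is constructed for illustration.

```python
import re
from pathlib import Path

# PHP functions that seed the interpreter-wide PRNG; mt_rand/rand draw from it.
SEED_FUNCS = {"mt_srand", "srand"}
# Match a bare function call, not a method ($x->rand), a static call (X::rand)
# or a longer identifier (my_rand).
CALL_RE = re.compile(r"(?<![\w$>:])(mt_srand|srand|mt_rand|rand)\s*\(", re.IGNORECASE)


def find_prng_calls(php_source):
    """Return [(line_no, kind, function, code)] for each shared-PRNG call."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), start=1):
        # Drop a trailing // or # comment (approximate: ignores string contents).
        code = re.split(r"//|#", line, maxsplit=1)[0]
        for m in CALL_RE.finditer(code):
            name = m.group(1).lower()
            kind = "seed" if name in SEED_FUNCS else "draw"
            findings.append((no, kind, name, code.strip()))
    return findings


def audit_tree(root):
    """Scan every *.php file under root; return {path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_prng_calls(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample, not phpBB code.
SAMPLE = """<?php
mt_srand((double) microtime() * 1000000);   // reseeds the shared generator
$search_id = mt_rand();                      // value later sent to the client
$pick = $deck->rand();                       // method call: ignored
// $old = rand();  commented out: ignored
$n = my_rand(5);                             // different function: ignored
"""

if __name__ == "__main__":
    for hit in find_prng_calls(SAMPLE):
        print(hit)
```

Each "draw" hit whose value ends up in a URL, form field or cookie is a candidate for the same kind of leak; "seed" hits show where the application reseeds a generator that other applications in the same PHP process also use.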