On Mon, 2005-10-31 at 12:06 +0100, Florian Weimer wrote:
> | After these weaknesses were found and disclosed to the vendor
> | nearly 80 days ago, several problems with uninitialised variables
> | were discovered that allow XSS, SQL injection and even remote
> | execution of arbitrary PHP code, when phpBB is used with
> | register_globals turned on.
>
> <http://www.hardened-php.net/advisory_172005.75.html>
>
> Vendor advisory: <http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756>
> (This contains a lot of additional fixes; it's not clear which ones are
> security-relevant.)
Thank you for your report; we were aware of these vulnerabilities but
the problem is exactly in the last sentence of your report: we need to
find out what exactly we need from this release.
We are working on that, but any help is greatly appreciated! So if
anyone can find out a specific patch for a specific changelog security
item, please add it to this bug. The issues as supplied by upstream:
* [Sec] backport of session keys system from olympus
* [Sec] fixed email bans to use the same pattern as email validation and allow wildcard domain bans
* [Sec] fixed validation of topic type when posting
* [Sec] unset database password once it is no longer needed
* [Sec] fixed potential to select images outside the specified path as avatars or smilies
* [Sec] fix globals de-registration code for PHP5 - (Stefan Esser/Matt Kavanagh)
* [Sec] changed avatar gallery code sections to prevent possible injection points (AnthraX101)
* [Sec] signature field is not properly sanitised for user input when an error occurs while accessing the avatar gallery (AnthraX101)
* [Sec] check to_username and ownership when editing a PM (AnthraX101)
* [Sec] fixed ability to edit PMs you did not send (depablo84)
* [Sec] compare imagetype on avatar uploading to match the file extension from uploaded file.
regards,
Thijs