Your message dated Tue, 29 Nov 2005 19:02:07 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#336587: fixed in phpbb2 2.0.18-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Florian Weimer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: New round of security issues
Date: Mon, 31 Oct 2005 12:06:01 +0100

Package: phpbb2
Tags: security
Severity: grave

A new round of security issues in phpBB has been disclosed.

| After these weaknesses were found and disclosed to the vendor 
| nearly 80 days ago, several problems with uninitialised variables 
| were discovered that allow XSS, SQL injection and even remote 
| execution of arbitrary PHP code, when phpBB is used with 
| register_globals turned on.

<http://www.hardened-php.net/advisory_172005.75.html>

Vendor advisory: <http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756>
(This contains a lot of additional fixes; it's not clear which ones are
security-relevant.)

---------------------------------------
From: Thijs Kinkhorst <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#336587: fixed in phpbb2 2.0.18-1
Date: Tue, 29 Nov 2005 19:02:07 -0800

Source: phpbb2
Source-Version: 2.0.18-1

We believe that the bug you reported is fixed in the latest version of
phpbb2, which is due to be installed in the Debian FTP archive:

phpbb2-conf-mysql_2.0.18-1_all.deb
  to pool/main/p/phpbb2/phpbb2-conf-mysql_2.0.18-1_all.deb
phpbb2-languages_2.0.18-1_all.deb
  to pool/main/p/phpbb2/phpbb2-languages_2.0.18-1_all.deb
phpbb2_2.0.18-1.diff.gz
  to pool/main/p/phpbb2/phpbb2_2.0.18-1.diff.gz
phpbb2_2.0.18-1.dsc
  to pool/main/p/phpbb2/phpbb2_2.0.18-1.dsc
phpbb2_2.0.18-1_all.deb
  to pool/main/p/phpbb2/phpbb2_2.0.18-1_all.deb
phpbb2_2.0.18.orig.tar.gz
  to pool/main/p/phpbb2/phpbb2_2.0.18.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated phpbb2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 29 Nov 2005 22:06:33 +0100
Source: phpbb2
Binary: phpbb2-languages phpbb2-conf-mysql phpbb2
Architecture: source all
Version: 2.0.18-1
Distribution: unstable
Urgency: high
Maintainer: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description: 
 phpbb2     - A fully featured and skinnable flat (non-threaded) webforum
 phpbb2-conf-mysql - Automatic configurator for phpbb2 on MySQL database
 phpbb2-languages - phpBB2 additional languages
Closes: 334195 335662 336582 336587 339700
Changes: 
 phpbb2 (2.0.18-1) unstable; urgency=high
 .
   * New upstream release, fixes several security issues.
     (Closes: #336582, #336587, #335662)
   * Swedish debconf translations by Daniel Nylander (Closes: #334195).
   * Upgrade debhelper compatibility to the recommended level 5.
 .
   [phpbb2-conf-mysql]
   * Move database schemas to /usr/share/phpbb2/schemas, because
     phpbb2-conf-mysql depends on them being present (Closes: #339700).
   * [JvW] Updated to add new table that was added in 2.0.18, hopefully it
     works, but no longer going to delay this upload for testing this change
Files: 
 771be3281fb4c2455dec2efe458adfff 760 web optional phpbb2_2.0.18-1.dsc
 e6873d04dcd5f8b97962ea5703ccfcd0 3199643 web optional phpbb2_2.0.18.orig.tar.gz
 034cfc7cdf28ed74c75c8301eb86e6d1 65843 web optional phpbb2_2.0.18-1.diff.gz
 ffd2655341ea6250a0131756600f6206 533422 web optional phpbb2_2.0.18-1_all.deb
 9bf02497c614cf452f89f2b0111a9815 46212 web extra phpbb2-conf-mysql_2.0.18-1_all.deb
 732e98c1c8102c8510e3361d85691a93 2724392 web optional phpbb2-languages_2.0.18-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Signed by Jeroen van Wolffelaar <[EMAIL PROTECTED]>

iD8DBQFDjRUKl2uISwgTVp8RAiuKAJ43F/nG6GX1O6iympISvKxFPMjW3wCgq1H2
56h83ep8nkMaYerAHP96a5o=
=Jy7N
-----END PGP SIGNATURE-----

