Package: phpbb2 Severity: grave Tags: security Justification: user security hole
phpbb2 2.0.22 fixes some more security issues: CVE-2006-6841: Certain forms in phpBB before 2.0.22 lack session checks CVE-2006-6840: Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." CVE-2006-6839: Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." See http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624 Please mention the CVE ids in the changelog. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
