Hi,

Thank you. I'm aware of the new release, but need to backport the changes given that we're in a freeze.

> CVE-2006-6841:
> Certain forms in phpBB before 2.0.22 lack session checks

This is Cross Site Request Forgery.

> CVE-2006-6840:
> Unspecified vulnerability in phpBB before 2.0.22 has unknown impact
> and remote attack vectors related to a "negative start parameter."

This does not seem to warrant an update on its own: everything about it is unknown.

> CVE-2006-6839:
> Unspecified vulnerability in phpBB before 2.0.22 has unknown impact
> and remote attack vectors related to "criteria for 'bad' redirection
> targets."

This is very vague again.

Summarizing all three I do not see a 'grave' issue between them, but will see what the patches look like and whether they're acceptable for etch at this point.

thanks,
Thijs

