Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-07-11 Thread Jeroen van Wolffelaar
On Mon, Jul 11, 2005 at 01:55:08PM +0200, Thijs Kinkhorst wrote:
> On Tue, June 28, 2005 12:37, Jeroen van Wolffelaar wrote:
> > I just tried plain upstream 2.0.14, and with point 2 the output was
> > seriously mangled, but not vulnerable or something (no html meta
> > characters). Point 1 remains

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-07-11 Thread Thijs Kinkhorst
On Tue, June 28, 2005 12:37, Jeroen van Wolffelaar wrote:
> I just tried plain upstream 2.0.14, and with point 2 the output was
> seriously mangled, but not vulnerable or something (no html meta
> characters). Point 1 remains unclear what actually the problem is,
> point 3 is still not a vulnerabil

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-06-28 Thread Jeroen van Wolffelaar
On Tue, Jun 28, 2005 at 12:14:13PM +0200, Thijs Kinkhorst wrote:
> On Tue, June 14, 2005 16:27, Thijs Kinkhorst wrote:
> > I also cannot reproduce any exploit with points 1,2. Given that the full
> > upstream fix has been backported to Debian, and also considering the
> > quality of the referenced

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-06-28 Thread Thijs Kinkhorst
On Tue, June 14, 2005 16:27, Thijs Kinkhorst wrote:
> I also cannot reproduce any exploit with points 1,2. Given that the full
> upstream fix has been backported to Debian, and also considering the
> quality of the referenced report, I think it's safe to say that this
> vulnerability is indeed fixe

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-06-14 Thread Thijs Kinkhorst
Hello Jeroen,

I also cannot reproduce any exploit with points 1,2. Given that the full upstream fix has been backported to Debian, and also considering the quality of the referenced report, I think it's safe to say that this vulnerability is indeed fixed. Unfortunately, upstream doesn't mention C

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-05-26 Thread Jeroen van Wolffelaar
On Thu, May 26, 2005 at 11:15:07AM +0200, Martin Pitt wrote:
> Package: phpbb2
> Version: 2.0.13+1-6
> Severity: important
> Tags: security
>
> Hi!
>
> phpbb2's changelog does not make it clear whether the three issues
> mentioned in
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-05-26 Thread Thijs Kinkhorst
Hello Martin,

Thanks for your report.

On Thu, May 26, 2005 11:15, Martin Pitt wrote:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1290

Jeroen, can you check this? I'm currently unable to do that from here.

Thanks.

Thijs

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-05-26 Thread Martin Pitt
Package: phpbb2
Version: 2.0.13+1-6
Severity: important
Tags: security

Hi!

phpbb2's changelog does not make it clear whether the three issues mentioned in

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1290

are already fixed. Can you please check this? If they are still present, pleas