Hello Moritz,
Thanks for your report. We were given notice about this but couldn't
reproduce the mentioned bug in our current phpbb2 Debian versions.
On Tue, June 28, 2005 11:16, Moritz Muehlenhoff wrote:
> [Cc:ing security@ as Sarge is affected as well]
Can you clarify: have you verified that s
Package: phpbb2
Severity: grave
Tags: security
Justification: user security hole
[Cc:ing security@ as Sarge is affected as well]
phpbb 2.0.16 fixes a security issue due to inproper escaping of the
$highlight_match variable in viewtopic.php.
Upstream developers classify it as critical and provide
2 matches
Mail list logo
