phpbb 2.0.15 released - patches high critical vuln
Date: Sun, 8 May 2005 00:03:59 -0400 (EDT)
From: Paul Laudanski <zx@castlecops.com.>
To: [email protected], <bugtraq@securityfocus.com.>,
Subject: phpbb 2.0.15 released - patches high critical vuln
Message-ID: <Pine.LNX.4.44.0505072355130.17507-100000@bugsbunny.castlecops.com.>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>;.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-NOD32Result: clean
X-Virus-Scanned: antivirus-gw at tyumen.ru
I don't normally send an email about updated packages, but this one fixes
a potentially serious issue.
re: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194
A high risk bbcode.php vulnerability is patched with this version, at the
very least please patch it via the link above. It was discovered by
Papados and patched by myself. In agreement with phpbb.com, we'll
(CastleCops) release the full details in five days. A CVE has been
obtained.
Alt Src: http://isc.sans.org/diary.php?date=2005-05-07
--
Sincerely,
Paul Laudanski .. Computer Cops, LLC.
Microsoft MVP Windows-Security 2005
CastleCops(SM)... http://castlecops.com
MVP Blog http://msmvps.com/castlecops
CCW Wiki http://wiki.castlecops.com
BHO/TB CLSIDs: http://castlecops.com/CLSID.html
LSPs: http://castlecops.com/LSPs.html
O23s: http://castlecops.com/O23.html
O9s: http://castlecops.com/O9.html
StartupList: http://castlecops.com/StartupList.html
________ Information from Computer Cops, L.L.C. ________
This message was checked by NOD32 Antivirus System for Linux Mail Server.
part000.txt - is OK
http://castlecops.com
