oss-sec mailing list archives

Re: CVE request: phpbb 3.0.7 and before 3.0.5

From: Josh Bressers <bressers () redhat com>
Date: Tue, 18 May 2010 15:19:35 -0400 (EDT)

----- "Steven M. Christey" <coley () linus mitre org> wrote:
[...]


So this could use a CVE, too.  At worst it's a signal to consumers that
they need to patch, even if the developer isn't clearly explaining why.

Not much different than your typical Linux kernel bug, actually :-/

- Steve


Here goes:

    http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445
    # [Sec] Only use forum id supplied for posting if global announcement
      detected. (Reported by nickvergessen)

CVE-2010-1630 phpbb 3.0.5 unspecified flaw

Thanks.

-- 
    JB

Current thread:

CVE request: phpbb 3.0.7 and before 3.0.5 Hanno Böck (May 16)
- Re: CVE request: phpbb 3.0.7 and before 3.0.5 Josh Bressers (May 18)
  - Re: CVE request: phpbb 3.0.7 and before 3.0.5 Steven M. Christey (May 18)
- <Possible follow-ups>
- Re: CVE request: phpbb 3.0.7 and before 3.0.5 Josh Bressers (May 18)
  - Re: CVE request: phpbb 3.0.7 and before 3.0.5 Hanno Böck (May 19)
    - Re: CVE request: phpbb 3.0.7 and before 3.0.5 Josh Bressers (May 19)
    - Re: CVE request: phpbb 3.0.7 and before 3.0.5 Steven M. Christey (May 19)
  - Message not available
    - Re: CVE request: phpbb 3.0.7 and before 3.0.5 Thijs Kinkhorst (May 19)