Your message dated Tue, 30 May 2006 10:32:19 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#365533: fixed in phpbb2 2.0.18-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: phpbb2
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-1896:
Unspecified vulnerability in phpBB allows remote authenticated users
with Administration Panel access to execute arbitrary PHP code via
crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature
values, possibly involving the highlight functionality. NOTE: the
original report does not clarify whether this issue is static code
injection, eval injection, or another type of vulnerability.
See
http://www.securityfocus.com/archive/1/archive/1/431015/100/0/threaded
--- End Message ---
--- Begin Message ---
Source: phpbb2
Source-Version: 2.0.18-3
We believe that the bug you reported is fixed in the latest version of
phpbb2, which is due to be installed in the Debian FTP archive:
phpbb2-conf-mysql_2.0.18-3_all.deb
to pool/main/p/phpbb2/phpbb2-conf-mysql_2.0.18-3_all.deb
phpbb2-languages_2.0.18-3_all.deb
to pool/main/p/phpbb2/phpbb2-languages_2.0.18-3_all.deb
phpbb2_2.0.18-3.diff.gz
to pool/main/p/phpbb2/phpbb2_2.0.18-3.diff.gz
phpbb2_2.0.18-3.dsc
to pool/main/p/phpbb2/phpbb2_2.0.18-3.dsc
phpbb2_2.0.18-3_all.deb
to pool/main/p/phpbb2/phpbb2_2.0.18-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated phpbb2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 23 May 2006 12:23:54 +0200
Source: phpbb2
Binary: phpbb2-languages phpbb2-conf-mysql phpbb2
Architecture: source all
Version: 2.0.18-3
Distribution: unstable
Urgency: high
Maintainer: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description:
phpbb2 - A fully featured and skinnable flat (non-threaded) webforum
phpbb2-conf-mysql - Automatic configurator for phpbb2 on MySQL database
phpbb2-languages - phpBB2 additional languages
Closes: 365533 367155
Changes:
phpbb2 (2.0.18-3) unstable; urgency=high
.
* High urgency because of a release critical security bug.
.
* Fix missing sanitizing of the Font Colour 3 variable in viewtopic.php,
which allowed for PHP code execution by board admins. Found by "noch22".
(Closes: #365533, CVE-2006-1896)
.
* Add Russian debconf translation, thanks Yuriy Talakan' (Closes: #367155).
Files:
dac4f786734d2737ddfd07b07f25087d 696 web optional phpbb2_2.0.18-3.dsc
4eaa17edfe2995276c53737829680e88 73896 web optional phpbb2_2.0.18-3.diff.gz
21aea71d242555761210c90c748fc49d 535246 web optional phpbb2_2.0.18-3_all.deb
e9d1b63623aae434174fcf53e8d4a120 47932 web extra phpbb2-conf-mysql_2.0.18-3_all.deb
9ebe18b97ddf2e8217816f8dc430868a 2725332 web optional phpbb2-languages_2.0.18-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEfH5iwM/Gs81MDZ0RAs00AKC3v7qxuzTdMZUbwdkvAlUYFXfDlACbBudt
4UeKqvMVFAuVenK2WI4Cvss=
=PXs6
-----END PGP SIGNATURE-----
--- End Message ---