Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9c1aa9a4 by Sylvain Beucler at 2019-10-01T11:22:53Z
CVE-2019-13376/phpbb3: clear-up confusion following my registering 
CVE-2019-16993 (earlier vulnerability with incomplete fix)

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11542,12 +11542,14 @@ CVE-2019-13377 (The implementations of SAE and 
EAP-pwd in hostapd and wpa_suppli
        NOTE: Patches: https://w1.fi/security/2019-6/
 CVE-2019-13376 (phpBB version 3.2.7 allows the stealing of an Administration 
Control P ...)
        - phpbb3 <removed>
-       NOTE: 
https://github.com/phpbb/phpbb/commit/dc5a167c429a3813d66b0ae3d14242650466cac6
+       NOTE: 
https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
+       NOTE: fixed in 3.2.8 as 'SECURITY-246'
+       NOTE: 
https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
+       NOTE: follow-up to incomplete fix for CVE-2019-16993
 CVE-2019-16993 (In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has 
improper v ...)
        {DLA-1942-1}
        - phpbb3 <removed>
        NOTE: 
https://github.com/phpbb/phpbb/commit/18abef716ecf42a35416444f3f84f5459d573789
-       NOTE: 
https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
        NOTE: https://www.phpbb.com/community/viewtopic.php?t=2352606
 CVE-2019-13375 (A SQL Injection was discovered in D-Link Central WiFi Manager 
CWM(100) ...)
        NOT-FOR-US: D-Link
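
Review bot: In the CVE-2019-13376 entry, the reference to commit dc5a167c429a3813d66b0ae3d14242650466cac6 is removed with no NOTE saying why it no longer applies; a one-line NOTE explaining what that commit was would keep a later triager from re-adding it. The same entry also has no {DLA-1942-1} line, while CVE-2019-16993 just below has one and the data/DLA/list hunk now lists both CVEs under that DLA; if that cross-reference is not regenerated from data/DLA/list, add it here.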


=====================================
data/DLA/list
=====================================
@@ -1,5 +1,5 @@
 [01 Oct 2019] DLA-1942-1 phpbb3 - security update
-       {CVE-2019-16993}
+       {CVE-2019-13376 CVE-2019-16993}
        [jessie] - phpbb3 3.0.12-5+deb8u4
 [30 Sep 2019] DLA-1941-1 netty - security update
        {CVE-2019-16869}
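
Review bot: The CVE-2019-13376 added on the DLA-1942-1 line is tied to the unchanged "[jessie] - phpbb3 3.0.12-5+deb8u4" entry, but nothing in the commit says that upload contained commit cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f, which the data/CVE/list hunk now assigns to CVE-2019-13376. Stating that in the commit message would make the fixed-version claim for jessie verifiable from the log alone.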



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9c1aa9a434df31002696af43bec084775018523c
