Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-07-11 Thread Thijs Kinkhorst
On Tue, June 28, 2005 12:37, Jeroen van Wolffelaar wrote: I just tried plain upstream 2.0.14, and with point 2 the output was seriously mangled, but not vulnerable or something (no html meta characters). Point 1 remains unclear what actually the problem is, point 3 is still not a vulnerability

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-07-11 Thread Jeroen van Wolffelaar
On Mon, Jul 11, 2005 at 01:55:08PM +0200, Thijs Kinkhorst wrote: On Tue, June 28, 2005 12:37, Jeroen van Wolffelaar wrote: I just tried plain upstream 2.0.14, and with point 2 the output was seriously mangled, but not vulnerable or something (no html meta characters). Point 1 remains

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-06-28 Thread Thijs Kinkhorst
On Tue, June 14, 2005 16:27, Thijs Kinkhorst wrote: I also cannot reproduce any exploit with points 1,2. Given that the full upstream fix has been backported to Debian, and also considering the quality of the referenced report, I think it's safe to say that this vulnerability is indeed fixed.

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-06-28 Thread Jeroen van Wolffelaar
On Tue, Jun 28, 2005 at 12:14:13PM +0200, Thijs Kinkhorst wrote: On Tue, June 14, 2005 16:27, Thijs Kinkhorst wrote: I also cannot reproduce any exploit with points 1,2. Given that the full upstream fix has been backported to Debian, and also considering the quality of the referenced

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-06-14 Thread Thijs Kinkhorst
Hello Jeroen, I also cannot reproduce any exploit with points 1,2. Given that the full upstream fix has been backported to Debian, and also considering the quality of the referenced report, I think it's safe to say that this vulnerability is indeed fixed. Unfortunately, upstream doesn't mention

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-05-26 Thread Martin Pitt
Package: phpbb2 Version: 2.0.13+1-6 Severity: important Tags: security Hi! phpbb2's changelog does not make it clear whether the three issues mentioned in http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1290 are already fixed. Can you please check this? If they are still present,

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-05-26 Thread Thijs Kinkhorst
Hello Martin, Thanks for your report. On Thu, May 26, 2005 11:15, Martin Pitt wrote: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1290 Jeroen, can you check this? I'm currently unable to do that from here. Thanks. Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a

Bug#310827: CAN-2005-1290: Multiple cross-site scripting vulnerability

2005-05-26 Thread Jeroen van Wolffelaar
On Thu, May 26, 2005 at 11:15:07AM +0200, Martin Pitt wrote: Package: phpbb2 Version: 2.0.13+1-6 Severity: important Tags: security Hi! phpbb2's changelog does not make it clear whether the three issues mentioned in http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1290 (1) I