Your message dated Mon, 23 May 2011 21:51:17 +0000
with message-id <[email protected]>
and subject line Bug#612477: fixed in phpbb3 3.0.7-PL1-5
has caused the Debian Bug report #612477,
regarding CVE-2011-0544: Execute javascript in [flash=] BBCode
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
612477: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612477
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: phpbb3
Version: 3.0.7-PL1-4
Severity: important
Tags: security
[PHPBB3-9903] - Execute javascript in [flash=] BBCode
References:
http://seclists.org/oss-sec/2011/q1/174
http://www.phpbb.com/support/documents.php?mode=changelog&version=3#v307-PL1
http://www.phpbb.com/community/viewtopic.php?f=14&t=2111068
http://tracker.phpbb.com/browse/PHPBB3-9903
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
--- End Message ---
--- Begin Message ---
Source: phpbb3
Source-Version: 3.0.7-PL1-5
We believe that the bug you reported is fixed in the latest version of
phpbb3, which is due to be installed in the Debian FTP archive:
phpbb3-l10n_3.0.7-PL1-5_all.deb
to main/p/phpbb3/phpbb3-l10n_3.0.7-PL1-5_all.deb
phpbb3_3.0.7-PL1-5.debian.tar.gz
to main/p/phpbb3/phpbb3_3.0.7-PL1-5.debian.tar.gz
phpbb3_3.0.7-PL1-5.dsc
to main/p/phpbb3/phpbb3_3.0.7-PL1-5.dsc
phpbb3_3.0.7-PL1-5_all.deb
to main/p/phpbb3/phpbb3_3.0.7-PL1-5_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated phpbb3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 23 May 2011 15:59:05 -0400
Source: phpbb3
Binary: phpbb3 phpbb3-l10n
Architecture: source all
Version: 3.0.7-PL1-5
Distribution: unstable
Urgency: low
Maintainer: Jeroen van Wolffelaar <[email protected]>
Changed-By: David Prévot <[email protected]>
Description:
phpbb3 - full-featured, skinnable non-threaded web forum
phpbb3-l10n - additional language files for phpBB
Closes: 595536 597373 599480 612441 612477 613060
Changes:
 phpbb3 (3.0.7-PL1-5) unstable; urgency=low
 .
   [ David Prévot ]
   * Fix broken cache, thanks to Nicolas Schodet (actually closes: #599480).
   * Fix cross site scripting vulnerability (closes: #612477) [CVE-2011-0544].
   * Enforce run_sql with "-h localhost" when $dbc_dbserver is empty
     (closes: #613060).
   * Don't use local lib on preinst (closes: #595536).
   * Update to policy 3.9.2: no change needed.
   * Update my email address.
 .
   [ Jean-Marc Roth ]
   * Fix postgres failure when postgres server is remote (closes: #612441).
   * Don't be too rude on trying to uninstall when unsupported webserver is
     used (closes: #597373).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---