Package: phpbb2 Version: 2.0.13-6sarge3 Severity: normal A while ago, the phpbb project released version 2.0.21, which fixes some bugs, one of them security related. From the changelog:
[Fix] Changes to random number generator code to explicitly truncate the length of the string [Fix] Quoting on boards with HTML enabled [Fix] Special characters on boards with HTML enabled [Fix] Redirect to list if cancelling deletion of ranks, smilies or word censors [Fix] Missing error message if an inactive user tried to login (Bug #1598) [Fix] Do not alter post counts when just removing a poll (Bug #1602) [Fix] Correct error in removal of old session keys [Fix] Changed filtering of short search terms [Sec] Improved filtering on language selection (also addresses a number of bug reports related to missing languages) [Change] Backported more efficient highlighting code from Olympus [Change] Backported zlib emulation code so that there is only a single confirmation image even if zlib is not available The announcement is available here: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=397315 I searched for a CVE number, but couldn't find one. I don't know how severe this bug is, but it would be nice to have an updated version for sarge. Thomas PS: Thanks for working on making Debian such a great product! I really enjoy it! -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.32 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8) Versions of packages phpbb2 depends on: ii apache2 2.0.54-5 next generation, scalable, extenda ii apache2-mpm-prefork [httpd] 2.0.54-5 traditional model for Apache2 ii debconf 1.4.30.13 Debian configuration management sy ii libapache2-mod-php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-cgi 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-mysql 4:4.3.10-16 MySQL module for php4 -- debconf information: * phpbb2/httpd: apache -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]