Bug#375865: phpbb2: phpbb 2.0.21 fixes minor security bug

Wed, 28 Jun 2006 08:45:15 -0700 

Package: phpbb2
Version: 2.0.13-6sarge3
Severity: normal

A while ago, the phpbb project released version 2.0.21, which fixes some
bugs, one of them security related. From the changelog:

[Fix] Changes to random number generator code to explicitly truncate 
      the length of the string 
[Fix] Quoting on boards with HTML enabled 
[Fix] Special characters on boards with HTML enabled 
[Fix] Redirect to list if cancelling deletion of ranks, smilies or word 
      censors
[Fix] Missing error message if an inactive user tried to login (Bug #1598)
[Fix] Do not alter post counts when just removing a poll (Bug #1602) 
[Fix] Correct error in removal of old session keys 
[Fix] Changed filtering of short search terms 
[Sec] Improved filtering on language selection (also addresses a number 
      of bug reports related to missing languages) 
[Change] Backported more efficient highlighting code from Olympus 
[Change] Backported zlib emulation code so that there is only a single 
         confirmation image even if zlib is not available 

The announcement is available here:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=397315

I searched for a CVE number, but couldn't find one. I don't know how 
severe this bug is, but it would be nice to have an updated version for
sarge.

Thomas

PS: Thanks for working on making Debian such a great product! I really
enjoy it!

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.32
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages phpbb2 depends on:
ii  apache2                      2.0.54-5    next generation, scalable, extenda
ii  apache2-mpm-prefork [httpd]  2.0.54-5    traditional model for Apache2
ii  debconf                      1.4.30.13   Debian configuration management sy
ii  libapache2-mod-php4          4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4                         4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4-cgi                     4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4-mysql                   4:4.3.10-16 MySQL module for php4

-- debconf information:
* phpbb2/httpd: apache


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to