Package: phpbb2 Severity: wishlist Hello all,
The phpBB authors have released 2.0.19 today which lists the following
issues labeled as security:
1 * [Sec] fixed XSS issue (only valid for Internet Explorer) within the
url bbcode
2 * [Sec] fixed XSS issue (only valid for Internet Explorer) if html
tags are allowed and enabled
3 * [Sec] added configurable maximum login attempts to prevent
dictionary attacks
1) has already been fixed in Debian because we applied a smarter fix for
a previous problem with that same code.
2) has been reported to us under #344674 and we decided not to handle
this as a security vulnerability.
3) is a security feature, not vulnerability.
We will be preparing an upload for unstable of course so issues 2 and 3
will be fixed there. I don't think an advisory is warranted at this
time. I'm adding this to the BTS to keep track of uploading the new
version to sid.
bye,
Thijs
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
