Re: [oss-security] CVE request: phpbb 3.0.7 and before 3.0.5

From: Hanno BÃ¶ck <hanno_at_nospam>
Date: Wed May 19 2010 - 08:14:39 GMT
To: oss-security@lists.openwall.com

Am Dienstag 18 Mai 2010 schrieb Josh Bressers:
> ----- "Steven M. Christey" <coley@linus.mitre.org> wrote:
> [...]
>
> > So this could use a CVE, too. At worst it's a signal to consumers that
> > they need to patch, even if the developer isn't clearly explaining why.
> >
> > Not much different than your typical Linux kernel bug, actually :-/
> >
> > - Steve
>
> Here goes:
>
> http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445
> # [Sec] Only use forum id supplied for posting if global announcement
> detected. (Reported by nickvergessen)
>
> CVE-2010-1630 phpbb 3.0.5 unspecified flaw

Shouldn't this be CVE-2009-XXXX ?

-- Hanno BÃ¶ck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno@hboeck.de http://schokokeks.org - professional webhosting

This message: [ Message body ]
Next message: Ludwig Nussel: "Re: [oss-security] [oCERT-2010-001] multiple http client unexpected download filename vulnerability"
Previous message: Eugene Teo: "Re: [oss-security] CVE request: kernel: cifs: cifs_create() NULL pointer dereference"
In reply to: Josh Bressers: "Re: [oss-security] CVE request: phpbb 3.0.7 and before 3.0.5"
Next in thread: Josh Bressers: "Re: [oss-security] CVE request: phpbb 3.0.7 and before 3.0.5"
Reply: Josh Bressers: "Re: [oss-security] CVE request: phpbb 3.0.7 and before 3.0.5"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]