Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 31 Jan 2015 14:31:02 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE request: phpbb3 CSRF and CSS injection

Can I get 2 2015 CVEs for phpBB3 vulnerabilities fixed in 3.0.13, thanks.

https://wiki.phpbb.com/Release_Highlights/3.0.13

https://tracker.phpbb.com/browse/PHPBB3-13531
https://github.com/phpbb/phpbb/pull/3316
"CSS Injection via Relative Path Overwrite. Thanks to James Kettle for bringing
this to our attention"

https://tracker.phpbb.com/browse/PHPBB3-13526
https://github.com/phpbb/phpbb/pull/3311
"The ucp_pm_options form key is now properly validated. Thanks to FBNeal and
lampsys who reported this independently."

-- 
Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ