Date: Sat, 31 Jan 2015 14:31:02 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: CVE request: phpbb3 CSRF and CSS injection Can I get 2 2015 CVEs for phpBB3 vulnerabilities fixed in 3.0.13, thanks. https://wiki.phpbb.com/Release_Highlights/3.0.13 https://tracker.phpbb.com/browse/PHPBB3-13531 https://github.com/phpbb/phpbb/pull/3316 "CSS Injection via Relative Path Overwrite. Thanks to James Kettle for bringing this to our attention" https://tracker.phpbb.com/browse/PHPBB3-13526 https://github.com/phpbb/phpbb/pull/3311 "The ucp_pm_options form key is now properly validated. Thanks to FBNeal and lampsys who reported this independently." -- Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ