Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 May 2015 14:54:25 -0400 (EDT)
From: cve-assign@...re.org
To: alessandro@...dini.me
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: phpbb open redirect

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> Security: An insufficient check allowed users of the Google Chrome browser to
>> be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson
>> (avlidienbrunn)

> fixed in 3.1.4 and 3.0.14

> https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
> https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941
> https://wiki.phpbb.com/Release_Highlights/3.0.14
> https://wiki.phpbb.com/Release_Highlights/3.1.4

Use CVE-2015-3880.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVUkv+AAoJEKllVAevmvmsJR0IAMnz1YeuIf4L9aHiUHJ7JdgK
hIafJYE/TETW2NqT86BSdZsO7T7EeZayYNxrMbIw1kiCXYDWu5T/1k38YXc5Ncgu
AYccoKUzDqoNF/IAIMuZ2DDIHQysbsroWtkf/mySqSu7PzH0NT8lUfR2QI6kjXEy
A6Qwx6biUnBMJi4vpzFYbNGSmDmQhwtQs2XfbpBr0nxBquyAUlRrn0of8GyuWcAr
2RTBnlAuOO/8gBVW1eH7DYAqPXTxTqdFpB6m744Rmw+3N2RqmVyDrTEOaqNOIHs/
m5HRCvYqmGK9m2l4kezh+8G3WynPH9o/jpLZKUpknhs28cXS+Ga55hSULh2sYyI=
=Q6m9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ