Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 May 2015 14:54:25 -0400 (EDT)
From: cve-assign@...re.org
To: alessandro@...dini.me
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: phpbb open redirect

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> Security: An insufficient check allowed users of the Google Chrome browser to
>> be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson
>> (avlidienbrunn)

> fixed in 3.1.4 and 3.0.14

> https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
> https://www.phpbb.com/community/viewtopic.php?f=14&t=2313941
> https://wiki.phpbb.com/Release_Highlights/3.0.14
> https://wiki.phpbb.com/Release_Highlights/3.1.4

Use CVE-2015-3880.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVUkv+AAoJEKllVAevmvmsJR0IAMnz1YeuIf4L9aHiUHJ7JdgK
hIafJYE/TETW2NqT86BSdZsO7T7EeZayYNxrMbIw1kiCXYDWu5T/1k38YXc5Ncgu
AYccoKUzDqoNF/IAIMuZ2DDIHQysbsroWtkf/mySqSu7PzH0NT8lUfR2QI6kjXEy
A6Qwx6biUnBMJi4vpzFYbNGSmDmQhwtQs2XfbpBr0nxBquyAUlRrn0of8GyuWcAr
2RTBnlAuOO/8gBVW1eH7DYAqPXTxTqdFpB6m744Rmw+3N2RqmVyDrTEOaqNOIHs/
m5HRCvYqmGK9m2l4kezh+8G3WynPH9o/jpLZKUpknhs28cXS+Ga55hSULh2sYyI=
=Q6m9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.