Date: Tue, 12 May 2015 10:55:59 +0200 From: Alessandro Ghedini <alessandro@...dini.me> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE Request: phpbb open redirect Hello, from the phpbb 3.0.14 release highlight: > Security: An insufficient check allowed users of the Google Chrome browser to > be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson > (avlidienbrunn) for bringing this to our attention. https://wiki.phpbb.com/Release_Highlights/3.0.14 The patch seems to be this one: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04 Honestly, there doesn't seem to be much information publicly available, but can a CVE be assigned for this please? Thanks Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ