Date: Wed, 19 May 2010 18:59:42 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: Josh Bressers <bressers@...hat.com> cc: Hanno Böck <hanno@...eck.de>, "Steven M. Christey" <coley@...us.mitre.org>, oss-security@...ts.openwall.com Subject: Re: CVE request: phpbb 3.0.7 and before 3.0.5 On Wed, 19 May 2010, Josh Bressers wrote: > ----- "Hanno Böck" <hanno@...eck.de> wrote: >> Am Dienstag 18 Mai 2010 schrieb Josh Bressers: >>> >>> http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445 >>> # [Sec] Only use forum id supplied for posting if global >>> announcement detected. (Reported by nickvergessen) >>> >>> CVE-2010-1630 phpbb 3.0.5 unspecified flaw >> >> Shouldn't this be CVE-2009-XXXX ? Ideally yes, but the ID is out there so we may as well use it. This happens sometimes. It doesn't look like it became "widely public" until a couple months ago, so a 2010 ID isn't too bad. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.