Your message dated Wed, 05 Jul 2006 13:17:56 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#375865: fixed in phpbb2 2.0.21-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: phpbb2
Version: 2.0.13-6sarge3
Severity: normal

A while ago, the phpbb project released version 2.0.21, which fixes some
bugs, one of them security related. From the changelog:

[Fix] Changes to random number generator code to explicitly truncate 
      the length of the string 
[Fix] Quoting on boards with HTML enabled 
[Fix] Special characters on boards with HTML enabled 
[Fix] Redirect to list if cancelling deletion of ranks, smilies or word 
      censors
[Fix] Missing error message if an inactive user tried to login (Bug #1598)
[Fix] Do not alter post counts when just removing a poll (Bug #1602) 
[Fix] Correct error in removal of old session keys 
[Fix] Changed filtering of short search terms 
[Sec] Improved filtering on language selection (also addresses a number 
      of bug reports related to missing languages) 
[Change] Backported more efficient highlighting code from Olympus 
[Change] Backported zlib emulation code so that there is only a single 
         confirmation image even if zlib is not available 

The announcement is available here:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=397315

I searched for a CVE number, but couldn't find one. I don't know how 
severe this bug is, but it would be nice to have an updated version for
sarge.

Thomas

PS: Thanks for working on making Debian such a great product! I really
enjoy it!

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.32
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages phpbb2 depends on:
ii  apache2                      2.0.54-5    next generation, scalable, extenda
ii  apache2-mpm-prefork [httpd]  2.0.54-5    traditional model for Apache2
ii  debconf                      1.4.30.13   Debian configuration management sy
ii  libapache2-mod-php4          4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4                         4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4-cgi                     4:4.3.10-16 server-side, HTML-embedded scripti
ii  php4-mysql                   4:4.3.10-16 MySQL module for php4

-- debconf information:
* phpbb2/httpd: apache


--- End Message ---
--- Begin Message ---
Source: phpbb2
Source-Version: 2.0.21-1

We believe that the bug you reported is fixed in the latest version of
phpbb2, which is due to be installed in the Debian FTP archive:

phpbb2-conf-mysql_2.0.21-1_all.deb
  to pool/main/p/phpbb2/phpbb2-conf-mysql_2.0.21-1_all.deb
phpbb2-languages_2.0.21-1_all.deb
  to pool/main/p/phpbb2/phpbb2-languages_2.0.21-1_all.deb
phpbb2_2.0.21-1.diff.gz
  to pool/main/p/phpbb2/phpbb2_2.0.21-1.diff.gz
phpbb2_2.0.21-1.dsc
  to pool/main/p/phpbb2/phpbb2_2.0.21-1.dsc
phpbb2_2.0.21-1_all.deb
  to pool/main/p/phpbb2/phpbb2_2.0.21-1_all.deb
phpbb2_2.0.21.orig.tar.gz
  to pool/main/p/phpbb2/phpbb2_2.0.21.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated phpbb2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  4 Jul 2006 15:23:28 +0200
Source: phpbb2
Binary: phpbb2-languages phpbb2-conf-mysql phpbb2
Architecture: source all
Version: 2.0.21-1
Distribution: unstable
Urgency: low
Maintainer: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description: 
 phpbb2     - A fully featured and skinnable flat (non-threaded) webforum
 phpbb2-conf-mysql - Automatic configurator for phpbb2 on MySQL database
 phpbb2-languages - phpBB2 additional languages
Closes: 344674 345359 345359 363676 375865
Changes: 
 phpbb2 (2.0.21-1) unstable; urgency=low
 .
   * New upstream release (Closes: #345359, #375865).
     + Addresses obscure security bug: XSS with onmouseover, only exploitable
       with Internet Explorer and Allow HTML on which is highly unrecommended
       by this package. (CVE-2005-4357, Closes: #344674, #345359)
     + Obsoletes 027_CVE-2006-1896_admin_cmd_exec.diff.
 .
   * Add 019_disable_logintries.diff: skip this new feature since it's
     incompatible with the database-layout.
 .
   * [JvW] Add to source package disabled patch to enable visual
     confirmation for guest posts if visual confirmation is enabled for
     registration
     http://www.phpbb.com/files/mods/guest_confirmation_1_0_1a.mod
 .
   * Add 101_fix_german.diff: fixes for German translation, thanks
     Mathias Hasselmann (Closes: #363676).
   * Add Dutch translation by myself.
 .
   * Checked for standards version 3.7.2, no changes necessary.
   * Update my maintainer address.
Files: 
 e718f7e150a813e988dea5e69f733a77 717 web optional phpbb2_2.0.21-1.dsc
 30383a9bf6c5d21736e4bdf9ec7852d5 3203456 web optional phpbb2_2.0.21.orig.tar.gz
 b973e6d14f71a0c0e5895de6440c6ee8 83756 web optional phpbb2_2.0.21-1.diff.gz
 bb659e2564cd4ed1d0007afb56ee2c3c 544728 web optional phpbb2_2.0.21-1_all.deb
 2eec7b55929330ac2d6f2b0b3c1f14da 51830 web extra phpbb2-conf-mysql_2.0.21-1_all.deb
 1e0fc7ba4891e0bc9e5019fd2d97d72f 2729634 web optional phpbb2-languages_2.0.21-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFErArZJdKMxZV9WM8RAkdJAJ9J9c8HsNUo0N0vDkWKhLlHlbw2fwCfXwjE
JFOORvJrA7XAVhEohh3ACbQ=
=PjcM
-----END PGP SIGNATURE-----


--- End Message ---
