Your message dated Wed, 05 Jul 2006 13:17:55 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#345359: fixed in phpbb2 2.0.21-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: phpbb2
Severity: wishlist

Hello all,

The phpBB authors have released 2.0.19 today which lists the following issues labeled as security:

1 * [Sec] fixed XSS issue (only valid for Internet Explorer) within the url bbcode
2 * [Sec] fixed XSS issue (only valid for Internet Explorer) if html tags are allowed and enabled
3 * [Sec] added configurable maximum login attempts to prevent dictionary attacks

1) has already been fixed in Debian because we applied a smarter fix for a previous problem with that same code.
2) has been reported to us under #344674 and we decided not to handle this as a security vulnerability.
3) is a security feature, not vulnerability.

We will be preparing an upload for unstable of course so issues 2 and 3 will be fixed there. I don't think an advisory is warranted at this time. I'm adding this to the BTS to keep track of uploading the new version to sid.

bye,
Thijs
--- End Message ---
--- Begin Message ---
Source: phpbb2
Source-Version: 2.0.21-1

We believe that the bug you reported is fixed in the latest version of phpbb2, which is due to be installed in the Debian FTP archive:

phpbb2-conf-mysql_2.0.21-1_all.deb
  to pool/main/p/phpbb2/phpbb2-conf-mysql_2.0.21-1_all.deb
phpbb2-languages_2.0.21-1_all.deb
  to pool/main/p/phpbb2/phpbb2-languages_2.0.21-1_all.deb
phpbb2_2.0.21-1.diff.gz
  to pool/main/p/phpbb2/phpbb2_2.0.21-1.diff.gz
phpbb2_2.0.21-1.dsc
  to pool/main/p/phpbb2/phpbb2_2.0.21-1.dsc
phpbb2_2.0.21-1_all.deb
  to pool/main/p/phpbb2/phpbb2_2.0.21-1_all.deb
phpbb2_2.0.21.orig.tar.gz
  to pool/main/p/phpbb2/phpbb2_2.0.21.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated phpbb2 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Tue, 4 Jul 2006 15:23:28 +0200
Source: phpbb2
Binary: phpbb2-languages phpbb2-conf-mysql phpbb2
Architecture: source all
Version: 2.0.21-1
Distribution: unstable
Urgency: low
Maintainer: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description:
 phpbb2 - A fully featured and skinnable flat (non-threaded) webforum
 phpbb2-conf-mysql - Automatic configurator for phpbb2 on MySQL database
 phpbb2-languages - phpBB2 additional languages
Closes: 344674 345359 345359 363676 375865
Changes:
 phpbb2 (2.0.21-1) unstable; urgency=low
 .
 * New upstream release (Closes: #345359, #375865).
   + Addresses obscure security bug: XSS with onmouseover, only exploitable with Internet Explorer and Allow HTML on which is highly unrecommended by this package. (CVE-2005-4357, Closes: #344674, #345359)
   + Obsoletes 027_CVE-2006-1896_admin_cmd_exec.diff.
 .
 * Add 019_disable_logintries.diff: skip this new feature since it's incompatible with the database-layout.
 .
 * [JvW] Add to source package disabled patch to enable visual confirmation for guest posts if visual confirmation is enabled for registration
   http://www.phpbb.com/files/mods/guest_confirmation_1_0_1a.mod
 .
 * Add 101_fix_german.diff: fixes for German translation, thanks Mathias Hasselmann (Closes: #363676).
 * Add Dutch translation by myself.
 .
 * Checked for standards version 3.7.2, no changes necessary.
 * Update my maintainer address.
Files:
 e718f7e150a813e988dea5e69f733a77 717 web optional phpbb2_2.0.21-1.dsc
 30383a9bf6c5d21736e4bdf9ec7852d5 3203456 web optional phpbb2_2.0.21.orig.tar.gz
 b973e6d14f71a0c0e5895de6440c6ee8 83756 web optional phpbb2_2.0.21-1.diff.gz
 bb659e2564cd4ed1d0007afb56ee2c3c 544728 web optional phpbb2_2.0.21-1_all.deb
 2eec7b55929330ac2d6f2b0b3c1f14da 51830 web extra phpbb2-conf-mysql_2.0.21-1_all.deb
 1e0fc7ba4891e0bc9e5019fd2d97d72f 2729634 web optional phpbb2-languages_2.0.21-1_all.deb
--- End Message ---

