Re: [Secure-testing-team] phpbb, CVE-2005-3799: not vulnerable

Moritz Muehlenhoff Wed, 30 Nov 2005 03:45:41 -0800

Thijs Kinkhorst wrote:
> This is just a quick note that Debian is not vulnerable to
> CVE-2005-3799, "phpBB 2.0.18 allows remote attackers to obtain sensitive
> information via a large SQL query", since this is a path disclosure
> vulnerability.


Thanks for the notice, we already assumed it being a non-issue:

| CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive 
information ...)
|        - phpbb2 <unfixed> (unimportant)
|        NOTE: Not a real security problem, error messages might disclose the 
installation
|        NOTE: which is known for the Debian package anyway

Cheers,
        Moritz

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

Re: [Secure-testing-team] phpbb, CVE-2005-3799: not vulnerable

Reply via email to