From the changelog of phpbb 3.0.2: [Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)
thanks Hanno web-apps, please provide an updated ebuild
manual/local version bump to 3.0.2 worked successfully. should work until they update the ebuild in portage.
Bumped to 3.0.2, removed vulnerable versions. Unstable on all archs. webapps done.
thanks, closing without glsa.