http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=177594
net-www heard, please update. personally i do not think this needs a GLSA. from the url: A new release of phpBB 2.0.6 is now available for download, phpBB 2.0.6d. This addresses a vulnerability in viewtopic, a potential issue with login and may address current issues with Zend Optimizer 2.5. The viewtopic vulnerability, again released to bugtraq without us first being notified ... sigh, is of the cross-site scripting type. While relatively minor it can allow information to be obtained without the users direct knowledge. Thus we recommend all admins upgrade their board as soon as possible. The relevant fix is noted below. The login issue is similar in nature and has been addressed to counter potential future problems. ... bump to latest version, or use the patch available at that url.
2.0.6-r2 is in cvs which is 2.0.6d the only problem i see is, the filename is the same can we close this bug ?
Had a look at the code. It's fixed already. Before adding this bug report the latest changelog entry was from december. Hey - you're fast! :)