CVE-2020-5502 (https://nvd.nist.gov/vuln/detail/CVE-2020-5502): phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.
CVE-2020-5501 (https://nvd.nist.gov/vuln/detail/CVE-2020-5501): phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.
@maintainer(s), please bump
Ping
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=158312052d73276281ba9e49ddaf4c792fe25cd3

commit 158312052d73276281ba9e49ddaf4c792fe25cd3
Author: James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2020-08-23 21:59:47 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2020-08-23 21:59:47 +0000

    www-apps/phpBB: Drop old and vulnerable 3.2.8

    Bug: https://bugs.gentoo.org/717716
    Bug: https://bugs.gentoo.org/737908
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 www-apps/phpBB/Manifest | 1 -
 www-apps/phpBB/phpBB-3.2.8.ebuild | 56 ---------------------------------------
 2 files changed, 57 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88bb953e4c11c2cd8e895fb086f0b48629f3ce87

commit 88bb953e4c11c2cd8e895fb086f0b48629f3ce87
Author: James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2020-08-23 21:58:49 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2020-08-23 21:58:49 +0000

    www-apps/phpBB: Version bump to 3.3.1

    Bug: https://bugs.gentoo.org/717716
    Bug: https://bugs.gentoo.org/737908
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 www-apps/phpBB/Manifest | 1 +
 www-apps/phpBB/phpBB-3.3.1.ebuild | 57 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
Sorry this took so long.
(In reply to James Le Cuirot from comment #4)
> Sorry this took so long.

No worries! Tree is clean, no GLSA, all done.