CVE-2020-8226: A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF. Versions <3.2.10 and <3.3.1 are vulnerable. Maintainers, please bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=158312052d73276281ba9e49ddaf4c792fe25cd3 commit 158312052d73276281ba9e49ddaf4c792fe25cd3 Author: James Le Cuirot <chewi@gentoo.org> AuthorDate: 2020-08-23 21:59:47 +0000 Commit: James Le Cuirot <chewi@gentoo.org> CommitDate: 2020-08-23 21:59:47 +0000 www-apps/phpBB: Drop old and vulnerable 3.2.8 Bug: https://bugs.gentoo.org/717716 Bug: https://bugs.gentoo.org/737908 Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: James Le Cuirot <chewi@gentoo.org> www-apps/phpBB/Manifest | 1 - www-apps/phpBB/phpBB-3.2.8.ebuild | 56 --------------------------------------- 2 files changed, 57 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=88bb953e4c11c2cd8e895fb086f0b48629f3ce87 commit 88bb953e4c11c2cd8e895fb086f0b48629f3ce87 Author: James Le Cuirot <chewi@gentoo.org> AuthorDate: 2020-08-23 21:58:49 +0000 Commit: James Le Cuirot <chewi@gentoo.org> CommitDate: 2020-08-23 21:58:49 +0000 www-apps/phpBB: Version bump to 3.3.1 Bug: https://bugs.gentoo.org/717716 Bug: https://bugs.gentoo.org/737908 Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: James Le Cuirot <chewi@gentoo.org> www-apps/phpBB/Manifest | 1 + www-apps/phpBB/phpBB-3.3.1.ebuild | 57 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+)
Tree is clean. No GLSA. All done.
