
Bug 231580 (CVE-2008-3224)

Summary: www-apps/phpBB < 3.0.2: "login box redirect" issue (CVE-2008-3224)
Product: Gentoo Security
Reporter: Hanno Böck <hanno>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal
CC: bunder
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565
Whiteboard: ~? [noglsa]
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2008-07-12 12:08:23 UTC
From the changelog of phpbb 3.0.2:
[Sec] Only allow urls gone through redirect() being used within login_box(). (thanks nookieman)

Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2008-07-12 18:57:15 UTC
thanks Hanno

web-apps, please provide an updated ebuild

Comment 2 Chris Henhawke (RETIRED) gentoo-dev 2008-07-20 13:19:54 UTC
Manual/local version bump to 3.0.2 worked successfully. Should work until they update the ebuild in portage.

Comment 3 Gunnar Wrobel (RETIRED) gentoo-dev 2008-07-31 20:29:43 UTC
Bumped to 3.0.2, removed vulnerable versions. Unstable on all archs. webapps done.

Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-31 21:04:09 UTC
thanks, closing without glsa.