Summary: | <www-apps/phpBB-3.0.4: Multiple vulnerabilities (CVE-2008-{6506,6507}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Bruno Buss <bruno.buss> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | boss.gentoo |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/33166/ | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Bruno Buss
2008-12-15 15:05:21 UTC
Added www-apps/phpBB-3.0.4, removed vulnerable version 3.0.2 and 3.0.3. Unstable on all archs. webapps done. All done, closing the bug. CVE-2008-6506 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6506): Unspecified vulnerability in phpBB before 3.0.4 allows attackers to bypass intended access restrictions and activate de-activated accounts via unknown vectors. CVE-2008-6507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6507): Unspecified vulnerability in phpBB before 3.0.4 allows attackers to obtain sensitive information via unknown vectors related to the lack of password prompts for a private message that quotes a post in a password-protected forum. |