| Summary: | <www-apps/phpBB-3.1.10: open redirect (CVE-2015-3880) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> | ||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | minor | CC: | chewi, web-apps | ||||
| Priority: | Normal | ||||||
| Version: | unspecified | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | http://www.openwall.com/lists/oss-security/2015/05/12/2 | ||||||
| Whiteboard: | B3 [noglsa cve] | ||||||
| Package list: | Runtime testing required: | --- | |||||
| Attachments: |
|
||||||
@Maintainers: Can you post a new ebuild? Created attachment 439780 [details]
phpBB-3.1.9.ebuild
Comment on attachment 439780 [details]
phpBB-3.1.9.ebuild
quickly put together and install tested.
3.1.10 is now in the tree and 3.0.x is now removed. Security team, please do your thing. GLSA Vote: No @ Maintainer(s): Thank for your work! |
From ${URL} : from the phpbb 3.0.14 release highlight: > Security: An insufficient check allowed users of the Google Chrome browser to > be redirected to external domains (e.g. on login). Thanks to Mathias Karlsson > (avlidienbrunn) for bringing this to our attention. https://wiki.phpbb.com/Release_Highlights/3.0.14 The patch seems to be this one: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.