Hello,
A new version of phpbb is available. It fixes 2 XSS vulns.
According to Secunia: http://secunia.com/product/463/#advisories_2005
There is still an unpatched vuln in it for the remote avatar information disclosure: http://secunia.com/advisories/16868/
Maybe this one will be more secure than in the past.
BTW, will you provide an anonymous cvs access for the phpBB forum code used at forums.gentoo.org?
Thanks in advance,
Michael
*** This bug has been marked as a duplicate of 115908 ***
Security does not care; web-apps - bump if you wish...
2.0.19 in CVS. Perhaps ping infra (tomk?) about forums.g.o?
tomk - ping ;)
Anoncvs is being worked on, not sure what the current status is. BTW 2.0.19 has a security bug which I raised with phpBB, they are going to fix it in their cvs (and I've fixed it in ours) but they won't release a new version because of it.
(In reply to comment #5)
> BTW 2.0.19 has
> a security bug which I raised with phpBB, they are going to fix it in their cvs
> (and I've fixed it in ours) but they won't release a new version because of it.
And then people ask us why it's masked.
(In reply to comment #5)
> Anoncvs is being worked on, not sure what the current status is. BTW 2.0.19 has
> a security bug which I raised with phpBB, they are going to fix it in their cvs
> (and I've fixed it in ours) but they won't release a new version because of it.
>
I'll be much more confident by using your cvs version... can't wait for it to be up! Thanks for the information.
(In reply to comment #5)
> Anoncvs is being worked on, not sure what the current status is. BTW 2.0.19 has
> a security bug which I raised with phpBB, they are going to fix it in their cvs
> (and I've fixed it in ours) but they won't release a new version because of it.
>
BTW, are there some snapshots available so it'll be quicker than searching for all files that you've modified?