[phpBB] svn: r290 - trunk/phpbb2

kink at wolffelaar.nl kink at wolffelaar.nl
Mon Jul 3 13:58:43 CEST 2006


Author: kink
Date: 2006-07-03 13:58:42 +0200 (Mon, 03 Jul 2006)
New Revision: 290

Modified:
   trunk/phpbb2/changelog
Log:
add out-of-svn 2.0.18-3 version to changelog


Modified: trunk/phpbb2/changelog
===================================================================
--- trunk/phpbb2/changelog	2006-07-03 11:46:49 UTC (rev 289)
+++ trunk/phpbb2/changelog	2006-07-03 11:58:42 UTC (rev 290)
@@ -4,15 +4,27 @@
     + Addresses obscure security bug: XSS with onmouseover, only exploitable
       with Internet Explorer and Allow HTML on which is highly unrecommended
       by this package. (CVE-2005-4357, Closes: #344674, #345359)
+    + Obsoletes 027_CVE-2006-1896_admin_cmd_exec.diff.
   * [JvW] Add to source package disabled patch to enable visual
     confirmation for guest posts if visual confirmation is enabled for
     registration
     http://www.phpbb.com/files/mods/guest_confirmation_1_0_1a.mod
-  * Add Russian debconf translation, thanks Yuriy Talakan' (Closes: #367155).
   * Checked for standards version 3.7.2, no changes necessary.
 
- -- Thijs Kinkhorst <kink at squirrelmail.org>  Mon, 06 Feb 2006 16:25:09 +0100
+ -- Thijs Kinkhorst <kink at squirrelmail.org>  Mon,  3 Jul 2006 13:55:55 +0200
 
+phpbb2 (2.0.18-3) unstable; urgency=high
+
+  * High urgency because of a release critical security bug.
+
+  * Fix missing sanitizing of the Font Colour 3 variable in viewtopic.php,
+    which allowed for PHP code execution by board admins. Found by "noch22".
+    (Closes: #365533, CVE-2006-1896)
+
+  * Add Russian debconf translation, thanks Yuriy Talakan' (Closes: #367155).
+
+ -- Thijs Kinkhorst <kink at squirrelmail.org>  Tue, 23 May 2006 12:23:54 +0200
+
 phpbb2 (2.0.18-2) unstable; urgency=medium
 
   * Fix compression of SQL schema's, which broke phpbb2-conf-mysql too
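
Review bot: The added "Obsoletes 027_CVE-2006-1896_admin_cmd_exec.diff" line in the top entry names a patch file that the new 2.0.18-3 entry never mentions. The shared CVE number is the only link between that patch and the viewtopic.php Font Colour 3 fix. Consider naming the patch file in the 2.0.18-3 bullet so the later "Obsoletes" line can be traced back to it. Also, this revision modifies only trunk/phpbb2/changelog, so confirm that the obsoleted patch is actually dropped from the source package in trunk. Otherwise the changelog and the tree disagree about whether the CVE-2006-1896 fix is applied once, twice or not at all.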




