[phpBB] svn: r604 - in trunk/phpbb3: . patches

taffit at wolffelaar.nl taffit at wolffelaar.nl
Mon Mar 7 00:00:31 CET 2011


Author: taffit
Date: 2011-03-07 00:00:30 +0100 (Mon, 07 Mar 2011)
New Revision: 604

Modified:
   trunk/phpbb3/changelog
   trunk/phpbb3/patches/031_fix_cross_site_scripting_vulnerability_3.0.8.patch
Log:
Reference for XSS: closes: #612477 [CVE-2011-0544]

Modified: trunk/phpbb3/changelog
===================================================================
--- trunk/phpbb3/changelog	2011-02-08 20:30:27 UTC (rev 603)
+++ trunk/phpbb3/changelog	2011-03-06 23:00:30 UTC (rev 604)
@@ -1,16 +1,15 @@
-phpbb3 (3.0.7-PL1-5) unstable; urgency=low
+phpbb3 (3.0.7-PL1-5) UNRELEASED; urgency=low
 
   [ David Prévot ]
   * Fix broken cache, thanks to Nicolas Schodet (actually closes: #599480).
-  * Fix cross site scripting vulnerability:
-    http://lists.phpbb.com/pipermail/phpbb-announce/2010/000003.html 
+  * Fix cross site scripting vulnerability (closes: 612477) [CVE-2011-0544].
 
   [ Jean-Marc Roth ]
   * Fix postgres failure when postgres server is remote (closes: #612441). 
   * Don't be too rude on trying to uninstall when unsupported webserver is 
     used (closes: #597373). 
 
- -- Jean-Marc Roth <jmroth at iip.lu>  Tue, 08 Feb 2011 18:31:29 +0100
+ -- Jean-Marc Roth <jmroth at iip.lu>  Sun, 06 Mar 2011 16:29:14 -0400
 
 phpbb3 (3.0.7-PL1-4) unstable; urgency=high
 

Modified: trunk/phpbb3/patches/031_fix_cross_site_scripting_vulnerability_3.0.8.patch
===================================================================
--- trunk/phpbb3/patches/031_fix_cross_site_scripting_vulnerability_3.0.8.patch	2011-02-08 20:30:27 UTC (rev 603)
+++ trunk/phpbb3/patches/031_fix_cross_site_scripting_vulnerability_3.0.8.patch	2011-03-06 23:00:30 UTC (rev 604)
@@ -1,5 +1,7 @@
 Origin: upstream, http://lists.phpbb.com/pipermail/phpbb-announce/2010/000003.html
 Description: cross site scripting vulnerability, security fix from 3.0.8
+Bug-Debian: http://bugs.debian.org/612477
+Applied-Upstream: 3.0.8
 Index: phpbb3-3.0.7-PL1/includes/message_parser.php
 ===================================================================
 --- phpbb3-3.0.7-PL1.orig/includes/message_parser.php	2010-11-22 16:47:31.000000000 -0400





More information about the phpBB-l mailing list