Date: Tue, 28 Jun 2005 09:44:34 +0200 (CEST)
From: "Christian Boenning" <security@...loren-im.net>
To: bugtraq@...urityfocus.com
Subject: [Fwd: phpBB 2.0.16 released]


---------------------------- Original Message ----------------------------
Subject: phpBB 2.0.16 released
From:    "phpBB list" <noreply@...bb.com>
Date:    Mon, June 27, 2005 8:34 pm
To:      security@...loren-im.net
--------------------------------------------------------------------------


Hi everyone,

phpBB Group announces the release of phpBB 2.0.16. This release addresses
some bugfixes and one critical security issue. To fix this, please apply
the following change:

In viewtopic.php

Find:

$message = str_replace('"', '"',
substr(@preg_replace('#(>(((?>([^><]+|(?R)))*)<))#se',
"@preg_replace('#b(" . str_replace('\', '\\', $highlight_match) . ")b#i',
'<span style="color:#" . $theme['fontcolor3'] . ""><b>\\1</b></span>',
'\0')", '>' . $message . '<'), 1, -1));

Replace with:

$message = str_replace('"', '"',
substr(@preg_replace('#(>(((?>([^><]+|(?R)))*)<))#se',
"@preg_replace('#b(" . str_replace('\', '\\',
addslashes($highlight_match)) . ")b#i', '<span style="color:#" .
$theme['fontcolor3'] . ""><b>\\1</b></span>', '\0')", '>' . $message .
'<'), 1, -1));

If your mail program wraps the lines it is advised to get
the fix from the official announcement at:
http://www.phpbb.com/phpBB/viewtopic.php?t=302011

We urge you to update as soon as possible. You can of course find this
download available on our downloads page
(http://www.phpbb.com/downloads.php). As per usual three packages are
available to simplify your update. The Full Package contains entire phpBB2
source and English language package. The Changed Files Only contains only
those files changed from previous versions of phpBB. Please note this
archive contains changed files for each previous release. Patch Files
contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.

The changelog (contained within this release) is as follows:

- Fixed critical issue with highlighting - Discovered and fix provided by
  Ron van Daal
- Url descriptions able to be wrapped over more than one line again
- Fixed bug with eAccelerator in admin_ug_auth.php
- Check new_forum_id for existence in modcp.php - alessnet
- Prevent uploading avatars with no dimensions - Xpert
- Fixed bug in usercp_register.php, forcing avatar file removal without
  updating avatar information within the database - HenkPoley
- Fixed bug in admin re-authentication redirect for servers not having
  index.php as one of their default files set

As always, our Code Changes Tutorial is available too for those with
heavily modded boards. It can be downloaded from
http://www.phpbb.com/phpBB/viewtopic.php?t=301712


--
Powered by PHPlist, www.phplist.com --
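
A way to confirm that the viewtopic.php change above is in place on an installed board, added here as an example and not part of the original announcement or of phpBB's code: it classifies a file by whether the $highlight_match argument is wrapped in addslashes(), ignoring whitespace so re-wrapped lines still match. The function name, the status strings and the two sample fragments are assumptions constructed for illustration.

```python
"""Check whether a viewtopic.php carries the 2.0.16 highlighting fix."""
import re
import sys

# Matches the str_replace() call whose last argument is $highlight_match,
# either bare (pre-2.0.16) or wrapped in addslashes() (the fix in this mail).
# It runs on whitespace-stripped text, so mail-wrapped lines still match.
_CALL = re.compile(r"str_replace\([^()]*,(addslashes\()?\$highlight_match\)")


def highlight_fix_status(php_source):
    """Return 'patched', 'unpatched', or 'unknown' for a viewtopic.php body."""
    collapsed = re.sub(r"\s+", "", php_source)
    calls = list(_CALL.finditer(collapsed))
    if not calls:
        return "unknown"  # statement not found: modded board or another file
    if any(m.group(1) is None for m in calls):
        return "unpatched"  # at least one call still passes the raw value
    return "patched"


# Constructed sample fragments, abbreviated from the statements quoted above.
SAMPLE_OLD = r"""
"@preg_replace('#b(" . str_replace('\', '\\', $highlight_match) . ")b#i',
"""
SAMPLE_NEW = r"""
"@preg_replace('#b(" . str_replace('\', '\\',
addslashes($highlight_match)) . ")b#i', '<span
"""

if __name__ == "__main__":
    # Usage: python check_highlight_fix.py /path/to/phpBB2/viewtopic.php ...
    worst = 0
    for path in sys.argv[1:]:
        with open(path, encoding="latin-1") as fh:
            status = highlight_fix_status(fh.read())
        print(f"{path}: {status}")
        worst = max(worst, 0 if status == "patched" else 1)
    sys.exit(worst)
```

A result of "unknown" means the statement was not found in the expected shape, so a heavily modded board needs a manual comparison against the official announcement.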









