phpbb3: CVE-2015-1431/CVE-2015-1432: CSRF and CSS injection

Related Vulnerabilities: CVE-2015-1431, CVE-2015-1432

Debian Bug report logs - #776699
Reported by: Henri Salo <henri@nerv.fi>

Date: Sat, 31 Jan 2015 12:36:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version phpbb3/3.0.12-3

Fixed in versions phpbb3/3.0.12-4, phpbb3/3.0.13-PL1-1, phpbb3/3.0.10-4+deb7u2

Done: David Prévot <taffit@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, phpBB packaging team <phpbb-l@lists.a-eskwadraat.nl>:
Bug#776699; Package phpbb3. (Sat, 31 Jan 2015 12:36:06 GMT)


Acknowledgement sent to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to phpBB packaging team <phpbb-l@lists.a-eskwadraat.nl>. (Sat, 31 Jan 2015 12:36:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Henri Salo <henri@nerv.fi>
To: submit@bugs.debian.org
Subject: phpbb3: CSRF and CSS injection
Date: Sat, 31 Jan 2015 14:33:05 +0200
Package: phpbb3
Version: 3.0.12-3
Severity: important
Tags: security, fixed-upstream, upstream

CVE request: http://www.openwall.com/lists/oss-security/2015/01/31/2

https://wiki.phpbb.com/Release_Highlights/3.0.13

https://tracker.phpbb.com/browse/PHPBB3-13531
https://github.com/phpbb/phpbb/pull/3316
"CSS Injection via Relative Path Overwrite. Thanks to James Kettle for bringing
this to our attention"

https://tracker.phpbb.com/browse/PHPBB3-13526
https://github.com/phpbb/phpbb/pull/3311
"The ucp_pm_options form key is now properly validated. Thanks to FBNeal and
lampsys who reported this independently."

-- 
Henri Salo



Changed Bug title to 'phpbb3: CVE-2015-1431/CVE-2015-1432: CSRF and CSS injection' from 'phpbb3: CSRF and CSS injection' Request was from Henri Salo <henri@nerv.fi> to control@bugs.debian.org. (Sat, 31 Jan 2015 14:06:09 GMT)


Added tag(s) pending. Request was from David Prévot <taffit@debian.org> to control@bugs.debian.org. (Mon, 02 Feb 2015 02:09:04 GMT)


Reply sent to David Prévot <taffit@debian.org>:
You have taken responsibility. (Tue, 03 Feb 2015 01:21:12 GMT)


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Tue, 03 Feb 2015 01:21:12 GMT)


Message #14 received at 776699-close@bugs.debian.org:

From: David Prévot <taffit@debian.org>
To: 776699-close@bugs.debian.org
Subject: Bug#776699: fixed in phpbb3 3.0.12-4
Date: Tue, 03 Feb 2015 01:19:35 +0000
Source: phpbb3
Source-Version: 3.0.12-4

We believe that the bug you reported is fixed in the latest version of
phpbb3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776699@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taffit@debian.org> (supplier of updated phpbb3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 02 Feb 2015 20:35:46 -0400
Source: phpbb3
Binary: phpbb3 phpbb3-l10n
Architecture: source all
Version: 3.0.12-4
Distribution: unstable
Urgency: medium
Maintainer: phpBB packaging team <phpbb-l@lists.a-eskwadraat.nl>
Changed-By: David Prévot <taffit@debian.org>
Description:
 phpbb3     - full-featured, skinnable non-threaded web forum
 phpbb3-l10n - additional language files for phpBB
Closes: 776699
Changes:
 phpbb3 (3.0.12-4) unstable; urgency=medium
 .
   * Fix CSRF vulnerability [CVE-2015-1432] and CSS injection [CVE-2015-1431]
     (Closes: #776699)
   * Improve PHP 5.6 compatibility: allow mbstring.http_{in,out}put to be set
     as '' as well as 'pass' on install; do not display warning in ACP if so.




Reply sent to David Prévot <taffit@debian.org>:
You have taken responsibility. (Tue, 03 Feb 2015 01:24:06 GMT)


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Tue, 03 Feb 2015 01:24:06 GMT)


Message #19 received at 776699-close@bugs.debian.org:

From: David Prévot <taffit@debian.org>
To: 776699-close@bugs.debian.org
Subject: Bug#776699: fixed in phpbb3 3.0.13-PL1-1
Date: Tue, 03 Feb 2015 01:20:58 +0000
Source: phpbb3
Source-Version: 3.0.13-PL1-1

We believe that the bug you reported is fixed in the latest version of
phpbb3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776699@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taffit@debian.org> (supplier of updated phpbb3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 01 Feb 2015 21:19:06 -0400
Source: phpbb3
Binary: phpbb3 phpbb3-l10n
Architecture: source all
Version: 3.0.13-PL1-1
Distribution: experimental
Urgency: medium
Maintainer: phpBB packaging team <phpbb-l@lists.a-eskwadraat.nl>
Changed-By: David Prévot <taffit@debian.org>
Description:
 phpbb3     - full-featured, skinnable non-threaded web forum
 phpbb3-l10n - additional language files for phpBB
Closes: 776699
Changes:
 phpbb3 (3.0.13-PL1-1) experimental; urgency=medium
 .
   * New upstream release:
     - fix CSRF vulnerability [CVE-2015-1432]
     - fix CSS injection [CVE-2015-1431]
     (Closes: #776699)
   * Add SHA256 support to get-orig-source
   * Update translations:
     - Update Dutch (Formal Honorifics)
     - Update Dutch (Casual Honorifics)
     - Update Estonian
     - Update Mandarin Chinese (Traditional Script)
     - Update Romanian
     - Update Russian
     - Remove Croatian
   * Track 3.0 releases
   * Refresh patches
   * Update copyright
   * Upload to experimental to respect the freeze




Reply sent to David Prévot <taffit@debian.org>:
You have taken responsibility. (Thu, 05 Feb 2015 21:21:36 GMT)


Notification sent to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer. (Thu, 05 Feb 2015 21:21:36 GMT)


Message #24 received at 776699-close@bugs.debian.org:

From: David Prévot <taffit@debian.org>
To: 776699-close@bugs.debian.org
Subject: Bug#776699: fixed in phpbb3 3.0.10-4+deb7u2
Date: Thu, 05 Feb 2015 21:17:11 +0000
Source: phpbb3
Source-Version: 3.0.10-4+deb7u2

We believe that the bug you reported is fixed in the latest version of
phpbb3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776699@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taffit@debian.org> (supplier of updated phpbb3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 02 Feb 2015 20:40:19 -0400
Source: phpbb3
Binary: phpbb3 phpbb3-l10n
Architecture: source all
Version: 3.0.10-4+deb7u2
Distribution: wheezy
Urgency: medium
Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
Changed-By: David Prévot <taffit@debian.org>
Description: 
 phpbb3     - full-featured, skinnable non-threaded web forum
 phpbb3-l10n - additional language files for phpBB
Closes: 776699
Changes: 
 phpbb3 (3.0.10-4+deb7u2) wheezy; urgency=medium
 .
   * Fix CSRF vulnerability [CVE-2015-1432] and CSS injection [CVE-2015-1431]
     (Closes: #776699)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 08 Mar 2015 07:32:46 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:20:18 2019; Machine Name: buxtehude
