-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 9 Feb 2008 01:16:49 +0100 Source: phpbb2 Binary: phpbb2-languages phpbb2-conf-mysql phpbb2 Architecture: source all Version: 2.0.13+1-6sarge4 Distribution: oldstable-security Urgency: high Maintainer: Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description: phpbb2 - A fully featured and skinneable flat (non-threaded) webforum phpbb2-conf-mysql - Automatic configurator for phpbb2 on MySQL database phpbb2-languages - phpBB2 additional languages Closes: 388120 405980 463589 Changes: phpbb2 (2.0.13+1-6sarge4) oldstable-security; urgency=high . * Upload to sarge to address security issues. * CVE-2006-4758: authenticated admin may upload arbitrary files (very minor issue, closes: 388120). * CVE-2006-6839: update criteria for redirection targets. * CVE-2006-6840: fix negative start parameter. * CVE-2006-6508/CVE-2006-6841: fix csrf (closes: 405980). * CVE-2008-0471: fix csrf (closes: 463589). Files: d5ca94a7a4c2b3468428a993a1dbc5cc 1011 web optional phpbb2_2.0.13+1-6sarge4.dsc c403597d08f4c5af0f62b84c5ee72a7e 67912 web optional phpbb2_2.0.13+1-6sarge4.diff.gz 944e55e056fc34d970e95b78201589fe 526154 web optional phpbb2_2.0.13-6sarge4_all.deb f0df2114bd60d9b84fbda1d241294fdd 37766 web extra phpbb2-conf-mysql_2.0.13-6sarge4_all.deb f10c4962035ede6e02417b8098efeda0 2868920 web optional phpbb2-languages_2.0.13-6sarge4_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR6zz/mz0hbPcukPfAQID8wgAkC1l66pYum5qTcJHfUszTCEWb6CIwrV0 a+mHcUFpa0grCwkWQEd1x4t7CH7rAIoRW7N19/v6avBkIKQiAC1MvjTR7qUc1/g0 R6Aus7ZDe2PKd2PShVoLT2A6EYJSkpieyoEnVbllumQpfgKD/VP5DvX6QOYoN3xh uD4KlhkCq1uMOr3FCvY3xTf/V2F1vnEkJssn79//iP3qRCsrAzaAxM1MO2BzLkLB ZLmUhFx7/UeUeGdhwXAS0gbRb09oPO1c1yKXIB/y2hqO2UXuQLtxOlajrQES+f8W TQGWjzuXFgrW1PafmOvT24N0QDhCI+KWu8jRY122WdrDLLo9OUInYA== =vhx+ -----END PGP SIGNATURE----- Accepted: phpbb2-conf-mysql_2.0.13-6sarge4_all.deb to pool/main/p/phpbb2/phpbb2-conf-mysql_2.0.13-6sarge4_all.deb phpbb2-languages_2.0.13-6sarge4_all.deb to pool/main/p/phpbb2/phpbb2-languages_2.0.13-6sarge4_all.deb phpbb2_2.0.13+1-6sarge4.diff.gz to pool/main/p/phpbb2/phpbb2_2.0.13+1-6sarge4.diff.gz phpbb2_2.0.13+1-6sarge4.dsc to pool/main/p/phpbb2/phpbb2_2.0.13+1-6sarge4.dsc phpbb2_2.0.13-6sarge4_all.deb to pool/main/p/phpbb2/phpbb2_2.0.13-6sarge4_all.deb
