[Fwd: phpBB 2.0.16 released]

From: Christian Boenning (security_at_verloren-im.net)
Date: 06/28/05

    Date: Tue, 28 Jun 2005 09:44:34 +0200 (CEST)
    To: bugtraq@securityfocus.com
    
    

    ---------------------------- Original Message ----------------------------
    Subject: phpBB 2.0.16 released
    From: "phpBB list" <noreply@phpbb.com>
    Date: Mon, June 27, 2005 8:34 pm
    To: security@verloren-im.net
    --------------------------------------------------------------------------

    Hi everyone,

    phpBB Group announces the release of phpBB 2.0.16. This release addresses
    some bugfixes and one critical security issue. To fix this, please apply
    the following change:

    In viewtopic.php

    Find:

    $message = str_replace('"', '"',
    substr(@preg_replace('#(>(((?>([^><]+|(?R)))*)<))#se',
    "@preg_replace('#b(" . str_replace('\', '\\', $highlight_match) . ")b#i',
    '<span style="color:#" . $theme['fontcolor3'] . ""><b>\\1</b></span>',
    '\0')", '>' . $message . '<'), 1, -1));

    Replace with:

    $message = str_replace('"', '"',
    substr(@preg_replace('#(>(((?>([^><]+|(?R)))*)<))#se',
    "@preg_replace('#b(" . str_replace('\', '\\',
    addslashes($highlight_match)) . ")b#i', '<span style="color:#" .
    $theme['fontcolor3'] . ""><b>\\1</b></span>', '\0')", '>' . $message .
    '<'), 1, -1));

    If your mail program wraps the lines it is advised to get
    the fix from the official announcement at:
    http://www.phpbb.com/phpBB/viewtopic.php?t=302011

    We urge you to update as soon as possible. You can of course find this
    download available on our downloads page
    (http://www.phpbb.com/downloads.php). As per usual three packages are
    available to simplify your update.

    The Full Package contains entire phpBB2 source and English language
    package.

    The Changed Files Only contains only those files changed from previous
    versions of phpBB. Please note this archive contains changed files for
    each previous release.

    Patch Files contains patch compatible patches from the previous versions
    of phpBB.

    Select whichever package is most suitable for you.

    The changelog (contained within this release) is as follows:

    - Fixed critical issue with highlighting - Discovered and fix provided by
      Ron van Daal
    - Url descriptions able to be wrapped over more than one line again
    - Fixed bug with eAccelerator in admin_ug_auth.php
    - Check new_forum_id for existence in modcp.php - alessnet
    - Prevent uploading avatars with no dimensions - Xpert
    - Fixed bug in usercp_register.php, forcing avatar file removal without
      updating avatar information within the database - HenkPoley
    - Fixed bug in admin re-authentication redirect for servers not having
      index.php as one of their default files set

    As always, our Code Changes Tutorial is available too for those with
    heavily modded boards. It can be downloaded from
    http://www.phpbb.com/phpBB/viewtopic.php?t=301712

    --
    Powered by PHPlist, www.phplist.com --
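
Added example (not part of the original message and not phpBB's code): the Find/Replace lines above build a PHP code string for `preg_replace` with the `e` modifier, which evaluates the replacement as code, and the fix escapes `$highlight_match` with `addslashes()` first. The function below does the same highlighting with `preg_quote()` and `preg_replace_callback()`, so the search term is only ever data; the name `highlight_terms`, the default colour and the sample input are assumptions.

```php
<?php
// Added example, not phpBB code: highlight search terms in the text nodes of
// an HTML fragment without evaluating any generated code.

/**
 * Wrap whole-word matches of $terms in a highlight span, touching only the
 * text between tags. $terms is untrusted (e.g. a query-string value).
 * $color stands in for $theme['fontcolor3']; the default is an assumption.
 */
function highlight_terms(string $html, array $terms, string $color = 'FFA34F'): string
{
    // Quote every term so regex metacharacters and the delimiter are literal.
    $quoted = [];
    foreach ($terms as $term) {
        $term = trim((string) $term);
        if ($term !== '') {
            $quoted[] = preg_quote($term, '#');
        }
    }
    if (!$quoted) {
        return $html;
    }
    // The colour lands in an attribute, so accept only a 6-digit hex value.
    if (!preg_match('/^[0-9A-Fa-f]{6}$/', $color)) {
        $color = 'FFA34F';
    }
    $word = '#\b(' . implode('|', $quoted) . ')\b#i';

    // Split into text and tags; with DELIM_CAPTURE the tags sit at odd indices.
    $parts = preg_split('#(<[^>]*>)#', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1 || $part === '') {
            continue; // leave markup untouched
        }
        // The callback receives the match as data; nothing is eval'd.
        $parts[$i] = preg_replace_callback($word, function (array $m) use ($color) {
            return '<span style="color:#' . $color . '"><b>' . $m[1] . '</b></span>';
        }, $part) ?? $part; // on a PCRE error keep the text unhighlighted
    }
    return implode('', $parts);
}

// Constructed sample input: one ordinary term and two containing
// metacharacters and quotes, which are matched literally or not at all.
$post = '<p>Upgrade to phpBB 2.0.16 today. <a href="/phpBB/">phpBB</a></p>';
echo highlight_terms($post, ['phpBB', '.*', "') . x . ('"]), "\n";
```

The `e` modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so code of the shape shown in the announcement has to be rewritten along these lines on current PHP versions.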
    
