Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Fwd: phpBB 2.0.16 released]

from [Christian Boenning] Network Security [Permanent Link]
Subject: [Fwd: phpBB 2.0.16 released]
Date: Tue, 28 Jun 2005 09:44:34 +0200 (CEST) 
---------------------------- Original Message ----------------------------
Subject: phpBB 2.0.16 released
From:    "phpBB list" <noreply@phpbb.com>
Date:    Mon, June 27, 2005 8:34 pm
To:      security@verloren-im.net
--------------------------------------------------------------------------


Hi everyone,
phpBB Group announces the release of phpBB 2.0.16. This release addresses
some bugfixes and one critical security issue. To fix this, please apply
the following change: In viewtopic.php
Find:
$message = str_replace('"', '"',
substr(@preg_replace('#(>(((?>([^><]+|(?R)))*)<))#se',
"@preg_replace('#b(" . str_replace('\', '\\', $highlight_match) . ")b#i',
'<span style="color:#" . $theme['fontcolor3'] . ""><b>\\1</b></span>',
'\0')", '>' . $message . '<'), 1, -1)); Replace with:
$message = str_replace('"', '"',
substr(@preg_replace('#(>(((?>([^><]+|(?R)))*)<))#se',
"@preg_replace('#b(" . str_replace('\', '\\',
addslashes($highlight_match)) . ")b#i', '<span style="color:#" .
$theme['fontcolor3'] . ""><b>\\1</b></span>', '\0')", '>' . $message .
'<'), 1, -1)); If your mail program wraps the lines it is advised to get
the fix from the official announcement at:
http://www.phpbb.com/phpBB/viewtopic.php?t=302011

We urge you to update as soon as possible. You can of course find this
download available on our downloads page
(http://www.phpbb.com/downloads.php). As per usual three packages are
available to simplify your update. The Full Package contains entire phpBB2
source and English language package. The Changed Files Only contains only
those files changed from previous versions of phpBB. Please note this
archive contains changed files for each previous release. Patch Files
contains patch compatible patches from the previous versions of phpBB.
Select whichever package is most suitable for you.
The changelog (contained within this release) is as follows:
- Fixed critical issue with highlighting - Discovered and fix provided by
Ron van Daal - Url descriptions able to be wrapped over more than one line
again - Fixed bug with eAccelerator in admin_ug_auth.php
- Check new_forum_id for existence in modcp.php - alessnet
- Prevent uploading avatars with no dimensions - Xpert
- Fixed bug in usercp_register.php, forcing avatar file removal without
updating avatar informations within the database - HenkPoley - Fixed bug
in admin re-authentication redirect for servers not having index.php as
one of their default files set As always, our Code Changes Tutorial is
available too for those with heavily modded boards. It can be downloaded
from http://www.phpbb.com/phpBB/viewtopic.php?t=301712


--
Powered by PHPlist, www.phplist.com --
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;), [at]
Next by Date:  Re: [Full-disclosure] Solaris 9/10 ld.so fun, Przemyslaw Frasunek
Previous by Thread:  Cross-Site Scripting (CSS) in Hosting Controller All Version and hot fix it hehe ;), [at]
Next by Thread:  RE: [Fwd: phpBB 2.0.16 released], Richard Stanway
Indexes:  [Date] [Thread] [Top] [All Lists]