update of package(s) phpbb2
Daniel Taylor
ubuntu at danielt.com
Thu Feb 10 05:29:17 CST 2005
The following packages are out of date and are a secuirty risk and
should be updated ASAP, the orignal debian package maintainer has
upgraded them already.
phpbb (current ver: 2.0.8a-3)
phpbb2-languages (current ver: 2.0.8a-3)
phpbb2-conf-mysql (current ver: 2.0.8a-3)
Current version by package maintainer is '2.0.11-1'
2.0.X relates the the version number that phpBB uses from their product,
Security holes:
2.0.8a:
http://www.osvdb.org/displayvuln.php?osvdb_id=5931
http://www.osvdb.org/displayvuln.php?osvdb_id=5574
2.0.9:
http://www.osvdb.org/displayvuln.php?osvdb_id=11719
http://www.osvdb.org/displayvuln.php?osvdb_id=8164
http://www.osvdb.org/displayvuln.php?osvdb_id=8165
http://www.osvdb.org/displayvuln.php?osvdb_id=8166
2.0.10
http://www.osvdb.org/displayvuln.php?osvdb_id=11719 (i belive this is
the one used in the 'santy' worm that used google to spread the web)
So it is very important to update this package ASAP,
It's worth noting that phpBB is feature freeze on it's entire 2.0.x line
so updates that are released on the 2.0.x line for bug updates only.
thanks,
-- Daniel
More information about the ubuntu-devel
mailing list