Found security expliot in port phpBB 2.0.8 FreeBSD4.10
Xin LI
delphij at frontfree.net
Thu Dec 30 06:01:48 PST 2004
On Wed, Dec 29, 2004 at 07:32:26PM +0000, Josef El-Rayes wrote:
> "Peter C. Lai" <sirmoo at cowbert.net>:
> > On Mon, Dec 27, 2004 at 06:18:30PM -0800, Julian Elischer wrote:
> > > might be a good idea if we "urged" users to update their phpbb a bit
> > > more vocally.
> >
> > Or if someone had been vigilant enough to add a vuxml entry about it back
> > in November. Waiting >30 days to update the database that portaudit uses
> > is a bit longish, don't you think? The "urging" to which you refer is
> > already one of the services provided by portaudit.
>
> first of all, if you run a machine you care about, you should think
> twice before installing a software which has a bad security track
> as phpBB has. secondly, most of the time we do not know security
> issue any earlier then they get posted to bugtraq or similiar
> mailinglists, so why dont you track these lists yourself?
I always have a headache with the phpBB installation for the FreeBSD
China Community. I personally subscribe to phpBB's CVS commit message
and patch immediately when they have committed something "interesting".
I would admit that it's a bit late for the vuxml chunk to catch up with
this. However, it's a good idea to catch up with every phpbb updates,
as almost every updates is related to security issues during the last
year[1]...
[1] http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/phpbb/Makefile
Cheers,
--
Xin LI <delphij frontfree net> http://www.delphij.net/
See complete headers for GPG key and other information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20041230/2704d8e4/attachment.bin
More information about the freebsd-security
mailing list