News: phpBB 2.0.12 was just released

#1   News: phpBB 2.0.12 was just released
fncool
I just received the email notification, thought I'd post it here, and not submit it as news, seeing as it's not been ported yet.
If an admin feels differently, then their work is half done.

==================================
Subject: phpBB 2.0.12 released
Date: 22 Feb 2005 00:11:32

Hi everyone,

phpBB Group announces the release of phpBB 2.0.12. This release
addresses a couple of potential exploits and fixes a number of issues
involving path disclosures, etc. It also introduces a new ACP based
version check (language package maintainers please note the
additional localisation required for this). For further information
please see our announcements forum at [ Register or login to view links on this board. ]

As with all new releases we urge you to upgrade as soon as possible.
You can of course find this download available on our website at:
[ Register or login to view links on this board. ]

As per usual three packages are available to simplify your upgrade.
Upgrade information using the mod template should be available
shortly (for those who prefer this method).


_________________
I'm only replying because I want those extra 22.52 points!
#2   
Telli
[ Register or login to view links on this board. ]




_________________
The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he, who in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who would attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon thee. Ezekiel 25:17
#3   re: News: phpBB 2.0.12 was just released
fncool
Much thanks Telli, and no sooner....

Hi everyone,
phpBB Group announces the release of phpBB 2.0.13. This release
addresses two recent security exploits, one of them critical. They
were reported a few days after .12 was released and no one is more
annoyed than us, having to release a new version in such a short
period of time.
Fortunately both fixes are easy and in each case just one line needs
to be edited.
The first issue is critical and we urge you to fix it on your forums
as soon as possible:
Open includes/sessions.php
Find:

if( $sessiondata['autologinid'] == $auto_login_key )

Replace with:

if( $sessiondata['autologinid'] === $auto_login_key )

The second minor issue, reported to bugtraq several days ago, was the
path disclosure bug in viewtopic.php.

A second minor issue reported to bugtraq several days ago was the path disclosure bug in viewtopic.php which got fixed by applying the following steps:

Open viewtopic.php

Find:

$message = str_replace('\"', '"', substr(preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1));

Replace with:

$message = str_replace('\"', '"', substr(@preg_replace('#(\>(((?>([^><]+|(?R)))*)\<))#se', "@preg_replace('#\b(" . $highlight_match . ")\b#i', '<span style=\"color:#" . $theme['fontcolor3'] . "\"><b>\\\\1</b></span>', '\\0')", '>' . $message . '<'), 1, -1)); 



For further information on how to manually fix this bug please see our
announcements forum at [ Register or login to view links on this board. ]
As with all new releases we urge you to upgrade as soon as possible.
You can of course find this download available on our website at:
[ Register or login to view links on this board. ]
As per usual three packages are available to simplify your upgrade.



I haven't even checked if this is phpnuke compliant, but it looks to be.
At least this one is a simple code change.

_________________
I'm only replying because I want those extra 22.52 points!
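
Why the one-character change to includes/sessions.php quoted above matters, as an added example that is not phpBB code and not part of the original posts: it runs the loose comparison, the strict comparison from the fix, and a stricter variant against the same inputs. The helper names are hypothetical, every value is constructed, and it assumes the session data can carry values that are not strings.

```php
<?php
// Added illustration; not phpBB source. Only the variable name
// $auto_login_key comes from the post. Helper names are hypothetical and
// every value below is constructed.

// Pre-2.0.13 form of the check: == converts operand types before comparing.
function check_loose($supplied, string $stored): bool
{
    return $supplied == $stored;
}

// 2.0.13 form: === is true only for the same type and the same value.
function check_strict($supplied, string $stored): bool
{
    return $supplied === $stored;
}

// Stricter variant: reject non-strings, then compare in constant time.
function check_hardened($supplied, string $stored): bool
{
    return is_string($supplied) && hash_equals($stored, $supplied);
}

$auto_login_key = 'a1b2c3d4e5f60718293a4b5c6d7e8f90'; // constructed key

// Assumption: the session data can carry values that are not strings.
$candidates = [
    'matching string'  => 'a1b2c3d4e5f60718293a4b5c6d7e8f90',
    'different string' => str_repeat('0', 32),
    'boolean true'     => true,  // loosely equal to any non-empty string except "0"
    'integer 0'        => 0,     // loose result depends on the PHP major version
];

foreach ($candidates as $label => $value) {
    printf(
        "%-17s loose=%-5s strict=%-5s hardened=%s\n",
        $label,
        var_export(check_loose($value, $auto_login_key), true),
        var_export(check_strict($value, $auto_login_key), true),
        var_export(check_hardened($value, $auto_login_key), true)
    );
}
```

Any row where the loose column differs from the strict column is a value the `===` change rejects.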