lp:debian/phpbb2

Created by James Westby and last modified
Get this branch:
bzr branch lp:debian/phpbb2
Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

12. By Thijs Kinkhorst

Add --debconf-ok switch to ucf rather than tty redirection,
solving hanging postinst on noninteractive installs. Thanks
James Westby for the patch (Closes: #501258).

11. By Thijs Kinkhorst

* Selected patches from upstream 2.0.22 for security issues:
* CVE-2006-6421: Cross-site scripting (XSS) vulnerability in the private
  message box implementation (Closes: #402140).
* CVE-2006-6841: Cross Site Request Forgery was possible with some forms.
* CVE-2006-6840: Prevent negative start parameter. Exploitability unknown,
  but flagged by upstream as a security fix and a harmless change.
* CVE-2006-6839: Improve check for bad redirection targets, exploitability
  unknown, but flagged by upstream as a security fix and a harmless change.
  (Closes: #402140)

* Added German debconf translation by Matthias Julius (Closes: #404160).

10. By Thijs Kinkhorst

[ Jeroen van Wolffelaar ]
* Also in comments in apache.conf w.r.t. second board, put the avatar
  aliasing before the generic aliasing, because otherwise it won't work.

[ Thijs Kinkhorst ]
* Do not set special permissions on gallery path, it works fine without
  write- but needs read permission for avatar display (Closes: #395470).
* Add Security section to README.Debian; also add register_globals off
  setting for php5 in apache.conf.
* Add 051_only_show_active_users.diff: do not show users who have registered
  but didn't confirm yet / haven't been approved by the admin in the member
  list or as the "newest user" (Partially addresses: #391775).

9. By Thijs Kinkhorst

* Medium urgency upload for low-risk, but still, security bug.
* CVE-2006-4758: patch admin/admin_board.php for file upload
  vulnerability by administrator (Closes: #388120).
* Add XS-Vcs-Svn-Url header.

8. By Thijs Kinkhorst

Fix postrm scripts to work when debconf is not present anymore
(Closes: #388331).

7. By Thijs Kinkhorst

* New upstream release (Closes: #345359, #375865).
  + Addresses obscure security bug: XSS with onmouseover, only exploitable
    with Internet Explorer and Allow HTML on which is highly unrecommended
    by this package. (CVE-2005-4357, Closes: #344674, #345359)
  + Obsoletes 027_CVE-2006-1896_admin_cmd_exec.diff.

* Add 019_disable_logintries.diff: skip this new feature since it's
  incompatible with the database-layout.

* [JvW] Add to source package disabled patch to enable visual
  confirmation for guest posts if visual confirmation is enabled for
  registration
  http://www.phpbb.com/files/mods/guest_confirmation_1_0_1a.mod

* Add 101_fix_german.diff: fixes for German translation, thanks
  Mathias Hasselmann (Closes: #363676).
* Add Dutch translation by myself.

* Checked for standards version 3.7.2, no changes necessary.
* Update my maintainer address.

6. By Thijs Kinkhorst

* High urgency because of a release critical security bug.

* Fix missing sanitizing of the Font Colour 3 variable in viewtopic.php,
  which allowed for PHP code execution by board admins. Found by "noch22".
  (Closes: #365533, CVE-2006-1896)

* Add Russian debconf translation, thanks Yuriy Talakan' (Closes: #367155).

5. By Jeroen van Wolffelaar

* Fix compression of SQL schemas, which broke phpbb2-conf-mysql too
  (Closes: #341991)
* Fix upgrade of /usr/share/doc/phpbb2/schemas from dir to symlink by removing
  the dir in preinst (Closes: #342081)
* [TK] Russian translation fixes by Alexander Gerasiov (Closes: #336623).

4. By Thijs Kinkhorst

* Security: Fix cross site scripting in [url] and [img] bbcode
  (Closes: #308282)
* Jeroen: Change dependencies to work correctly when only having
  libapache-mod-php installed, while remaining to work correctly when only
  having 'php4' installed (from woody, then)

3. By Jeroen van Wolffelaar

* [CAN-2005-0673] Fix cross-site scripting in private message signatures
  and in normal posts when users have enabled HTML despite board prohibition,
  based on anonymous patch on BugTraq:
  http://lists.virus.org/bugtraq-0503/msg00087.html (Closes: #298690)
* In documentation tell that the initial admin user is 'Admin', not 'admin',
  as in PostgreSQL this is significant (Closes: #298512)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)