PunBB 1.2.13 released

28.09.2006, 17:14 A new version of PunBB has been released; it includes many improvements regarding the portal's potential vulnerabilities.

Quote: Yesterday, I posted about the supposed "poison NULL byte vulnerability". I ranted on about how PunBB wasn't vulnerable and how I disliked the way vulnerability databases worked. Guess what? I was wrong! Through the help of a very nice editor at CVE, I was able to get in touch with the researcher behind the report and he clarified the issue for me. I had completely misunderstood what the vulnerability was about. Turns out I was wrong both on the vulnerability and in my generalization of how bad vulnerability databases work. I'm sorry for that.

So, today I have the pleasure of announcing PunBB 1.2.13. A release I've internally dubbed the "I'm a moron" release. PunBB 1.2.13 deals with the NULL byte injection vulnerability and adds support for HttpOnly cookies. The NULL byte injection is only exploitable by administrators so there's no need to rush. Nevertheless, I recommend that everyone upgrade.

Small note: If you have a look at the patch and the hdiff for this release, you'll notice there are what appears as non-existent changes in the unregister_globals() function. Never mind these. It's just an update to get rid of some Windows style linebreaks.

Over and out.
mumuri forum.ashots.org