phpBB: Multiple vulnerabilities — GLSA 201701-25

Multiple vulnerabilities have been found in phpBB, the worst of which may allow remote attackers to inject arbitrary web script or HTML.

Affected packages

www-apps/phpBB on all architectures
Affected versions < 3.1.10
Unaffected versions

Background

phpBB is an Open Source bulletin board package.

Description

Multiple vulnerabilities have been discovered in phpBB. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to change settings, inject arbitrary web script or HTML, or conduct cross-site request forgery (CSRF) attacks.

Workaround

There is no known workaround at this time.

Resolution

Gentoo Security support has been discontinued due to phpBB being dropped to unstable. As such, we recommend that users unmerge phpBB:

 # emerge --unmerge "www-apps/phpBB"

NOTE: Users could alternatively upgrade to “>=www-apps/phpBB-3.1.10”; however, these packages are not currently marked stable.
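The following is an added example, not part of the GLSA text: a small POSIX shell helper that decides whether a given www-apps/phpBB version falls inside the affected range stated above ("< 3.1.10"), so an administrator can confirm whether the unmerge or upgrade step applies before acting. It assumes GNU or busybox `sort -V` for dotted-version ordering and, for the optional lookup, Gentoo's installed-package database under /var/db/pkg; the sample version strings at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the GLSA): classify a phpBB version against the
# advisory's affected range "< 3.1.10".

GLSA_FIXED_VERSION="3.1.10"   # first version outside the affected range

# phpbb_affected VERSION
#   prints "affected" and returns 0 when VERSION < 3.1.10,
#   prints "unaffected" and returns 1 otherwise.
phpbb_affected() {
    ver="$1"
    # sort -V orders dotted versions numerically (3.1.9 < 3.1.10),
    # so the first line is the lower of the two versions.
    lowest=$(printf '%s\n%s\n' "$ver" "$GLSA_FIXED_VERSION" | sort -V | head -n1)
    if [ "$ver" != "$GLSA_FIXED_VERSION" ] && [ "$lowest" = "$ver" ]; then
        echo "affected"
        return 0
    fi
    echo "unaffected"
    return 1
}

# installed_phpbb_version
#   Assumption: on Gentoo, installed packages appear as directories named
#   <PN>-<PV> under /var/db/pkg/<category>/. Prints the version of the
#   installed www-apps/phpBB, or nothing if the package is not installed.
installed_phpbb_version() {
    for d in /var/db/pkg/www-apps/phpBB-*; do
        [ -d "$d" ] || continue
        echo "${d##*/phpBB-}"
    done
}

# Constructed sample inputs (not real installations) showing each outcome.
for v in 3.1.9 3.1.10 3.0.14 3.2.0; do
    printf '%s: %s\n' "$v" "$(phpbb_affected "$v")"
done

# If phpBB is installed on this host, classify the real version too.
inst=$(installed_phpbb_version)
[ -n "$inst" ] && printf 'installed %s: %s\n' "$inst" "$(phpbb_affected "$inst")"
```

The helper compares only against the advisory's stated boundary; it does not check whether the installed ebuild is keyworded stable, which is the separate concern the NOTE above raises.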

References

Release date
January 11, 2017

Latest revision
January 11, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries