Multiple vulnerabilities have been found in phpBB, the worst of which may allow remote attackers to inject arbitrary web script or HTML.
| Package | www-apps/phpBB on all architectures |
| Affected versions | < 3.1.10 |
phpBB is an Open Source bulletin board package.
Multiple vulnerabilities have been discovered in phpBB. Please review the CVE identifiers referenced below for details.
A remote attacker may be able to change settings, inject arbitrary web script or HTML, or conduct cross-site request forgery (CSRF) attacks.
There is no known workaround at this time.
Gentoo Security support has been discontinued due to phpBB being dropped to unstable. As such, we recommend that users unmerge phpBB:
# emerge --unmerge "www-apps/phpBB"
NOTE: Users could alternatively upgrade to ">=www-apps/phpBB-3.1.10"; however, these packages are not currently marked stable.
January 11, 2017
January 11, 2017: 1