CVE-2015-3880

NameCVE-2015-3880
DescriptionOpen redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
phpbb3 (PTS)jessie, jessie (lts)3.0.12-5+deb8u4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
phpbb3sourcewheezy3.0.10-4+deb7u3
phpbb3sourcejessie3.0.12-5+deb8u1
phpbb3source(unstable)3.0.14-1

Notes

[squeeze] - phpbb3 <no-dsa> (Minor issue)
https://wiki.phpbb.com/Release_Highlights/3.0.14
Patch: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
https://www.openwall.com/lists/oss-security/2015/05/12/2

Search for package or bug name: Reporting problems