With reference to the exec exploit in phpBB. A new release, phpBB 2.0.11 is now available (in all usual forms) from our site, www.phpbb.com. For those users not wishing to upgrade we strongly urge (again) you at least implement the fix posted previously to bugtraq (see http://www.phpbb.com/phpBB/viewtopic.php?t=240513). Again, may I urge all those who discover exploits in any application, inform the authors first. If you (and indeed the authors) find no way to take advantage of the exploit, and subsequently do discover a method, again inform the authors. At www.phpbb.com we maintain a security tracker (www.phpbb.com/security/) which gives both private (for as yet undisclosed issues) and public (for fixed or invalid issues) access to note issues with our software. Please use it! psoTFX, phpbb.com
