On Sun Jun 17, 2007 at 18:20:01 +0200, Thijs Kinkhorst wrote: > For stable I've checked whether it's > vulnerable and I believe it's not: the vulnerability is in the SendmailSend() > function. That requires for the calling code to actually use the sendmail > method, which Flyspray does not allow in any configuration. > > I suppose the security team does not send advisories for insecure code that > is > not called?
Agreed. > As an additional note: sarge is not vulnerable because it doesn't contain a > copy of the phpmailer class at all. :) So we don't need to do anything, perfect! Steve -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]