Bug#429343: Still important to fix

2007-06-18 Thread Jan Wagner
Hi Thijs,

On Monday 18 June 2007 16:05, Thijs Kinkhorst wrote:
> > Moodle is not affected by this bug. Moodle's usage of the PHPMailer
> > functions is safe wrt to this bug.
>
> That's good news, which means there's no need for security advisories.
> However...
>
> > No upload needed to fix this.
>
> here I do not agree. The vulnerable code is still present, and I think it's
> unwise to be shipping code that's known to be vulnerable. The problem might
> resurface when someone (upstream, downstream) changes Moodle, or when
> someone takes the code to use it in a different project.
>
> The fix is trivial. Please apply it (or better: make sure upstream applies
> it), or remove the code altogether.

how is this related to ipplan? :-)

With kind regards, Jan.




Bug#429343: Still important to fix

2007-06-18 Thread Thijs Kinkhorst
On Monday 18 June 2007 17:43, Jan Wagner wrote:
> how is this related to ipplan? :-)

I sent it to the wrong bug... a fix has already been sent to [EMAIL PROTECTED]
Sorry for the noise.


Thijs




Bug#429343: Still important to fix

2007-06-18 Thread Thijs Kinkhorst
reopen 429343
severity 429343 important
thanks

Hi,

> Moodle is not affected by this bug. Moodle's usage of the PHPMailer
> functions is safe wrt to this bug.

That's good news, which means there's no need for security advisories. 
However...

> No upload needed to fix this. 

here I do not agree. The vulnerable code is still present, and I think it's 
unwise to be shipping code that's known to be vulnerable. The problem might 
resurface when someone (upstream, downstream) changes Moodle, or when someone 
takes the code to use it in a different project.

The fix is trivial. Please apply it (or better: make sure upstream applies 
it), or remove the code altogether.


thanks,
Thijs

