[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#429191: flyspray phpmailer: not relevant for stable



On Sun Jun 17, 2007 at 18:20:01 +0200, Thijs Kinkhorst wrote:

> For stable I've checked whether it's 
> vulnerable and I believe it's not: the vulnerability is in the SendmailSend() 
> function. That requires for the calling code to actually use the sendmail 
> method, which Flyspray does not allow in any configuration.
> 
> I suppose the security team does not send advisories for insecure code that is 
> not called?

  Agreed.

> As an additional note: sarge is not vulnerable because it doesn't contain a 
> copy of the phpmailer class at all.

  :)

  So we don't need to do anything, perfect!

Steve
-- 




Reply to: