Bug#429191: flyspray phpmailer: not relevant for stable
On Sun Jun 17, 2007 at 18:20:01 +0200, Thijs Kinkhorst wrote:
> For stable I've checked whether it's
> vulnerable and I believe it's not: the vulnerability is in the SendmailSend()
> function. That requires for the calling code to actually use the sendmail
> method, which Flyspray does not allow in any configuration.
> I suppose the security team does not send advisories for insecure code that is
> not called?
> As an additional note: sarge is not vulnerable because it doesn't contain a
> copy of the phpmailer class at all.
So we don't need to do anything, perfect!