Re: Upload of mahara 1.0.4-3 to testing-proposed-updates
[I read the ML, no need to CC me]
Francois Marier wrote:
> (Please CC me on your replies, thanks)
>
> Hello,
>
> I have just uploaded mahara 1.0.4-3 to testing-proposed-updates in order to
> fix these two RC bugs:
>
> 504170 - CVE-2008-4796: missing input sanitising in Snoopy.class.php
> 504253 - CVE-2007-3215: remote shell command execution in class.phpmailer.php
Just wondering, why don't you do the same for phpmailer? the package in
lenny/sid is libphp-phpmailer.
>
> The fixes are quite small (as shown in the attached debdiff) and an upload
> through unstable isn't possible since there is a new upstream version in
> there already.
>
> Francois
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
Reply to: