View Issue Details

ID: 0006667
Project: mantisbt
Category: security
View Status: public
Last Update: 2006-10-09 11:55
Reporter: tuxsoul
Assigned To: vboctor
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 1.1.0a1
Summary: 0006667: Adodb and phpmailer update ....
Description

The mantisbt project includes the libs adodb and phpmailer, but they are out of date. This is what SecurityFocus reports about the state of mantisbt. These libs have critical updates:

http://www.securityfocus.com/bid/16187

I think the update will be to the 0.19.4 and 1.0.0rc5 versions

Adodb 4.71-1
http://prdownloads.sourceforge.net/adodb/adodb471-1.tgz?download
Phpmailer 1.73
http://prdownloads.sourceforge.net/phpmailer/phpmailer-1.73.tar.gz?download

I saw a report about phpmailer in the bug tracking system, but the update was only to version 1.72 for mantisbt 1.0.0rc5, and mantisbt 0.19.4 was never updated.

I think both versions should be updated: version 0.19.4 as the stable version, and 1.0.0rc5 as the dev version.

Sorry, my English is bad =).

Tags: No tags attached.

Relationships

related to 0006650 (closed, vboctor): ADOdb can be exploited to execute arbitrary SQL code
related to 0007616 (closed, grangeway): Can't create tables on postgresql

Activities

thraxisp

2006-02-03 21:53

reporter   ~0012080

The adodb issue was nullified by removing the offending test scripts.

The php mailer is a non issue as we control the headers sent to phpmailer. These can never exceed the normal limits for a message.

ryandesign

2006-02-24 13:12

reporter   ~0012224

The second part of the adodb issue was resolved by making the server.php script only accept connections from localhost.