View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006667 | mantisbt | security | public | 2006-02-03 19:58 | 2006-10-09 11:55 |
Reporter | tuxsoul | Assigned To | vboctor | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 1.1.0a1 | ||||
Summary | 0006667: Adodb and phpmailer update .... | ||||
Description | In mantisbt project have lib's adodb and phpmailer, but are out update. This is how report security focus, about the state from mantisbts. This lib's are critical updates: http://www.securityfocus.com/bid/16187 I'm think the update will be to 0.19.4 and 1.0.0rc5 version's Adodb 4.71-1 I see a report of phpmailer in the bug track system but the update only was a 1.72 version to mantisbt 1.0.0rc5, and mantisbt 0.19.4 never have update. I think so the both version will be to update, the version 0.19.4 for stable version, and 1.0.0rc5 for dev-version. sorry my english is bad =). | ||||
Tags | No tags attached. | ||||
The adodb issue was nullified by removing the offending test scripts. The php mailer is a non issue as we control the headers sent to phpmailer. These can never exceed the normal limits for a message. |
|
The second part of the adodb issue was resolved by making the server.php script only accept connections from localhost. |
|