Hi Thijs, On Monday 18 June 2007 16:05, Thijs Kinkhorst wrote: > > Moodle is not affected by this bug. Moodle's usage of the PHPMailer > > functions is safe wrt to this bug. > > That's good news, which means there's no need for security advisories. > However... > > > No upload needed to fix this. > > here I do not agree. The vulnerable code is still present, and I think it's > unwise to be shipping code that's known to be vulnerable. The problem might > resurface when someone (upstream, downstream) changes Moodle, or when > someone takes the code to use it in a different project. > > The fix is trivial. Please apply it (or better: make sure upstream applies > it), or remove the code altogether.
how is this related to ipplan? :-) With kind regards, Jan.
pgphVkhAJ7A4V.pgp
Description: PGP signature
