reopen 429190
severity 429190 important
close 429343 4.85-2
severity 429343 grave
thanks

(sorry, sent to the wrong bug before)

Hi,

> Moodle is not affected by this bug. Moodle's usage of the PHPMailer
> functions is safe wrt to this bug.

That's good news, which means there's no need for security advisories. 
However...

> No upload needed to fix this. 

here I do not agree. The vulnerable code is still present, and I think it's 
unwise to be shipping code that's known to be vulnerable. The problem might 
resurface when someone (upstream, downstream) changes Moodle, or when someone 
takes the code to use it in a different project.

The fix is trivial. Please apply it (or better: make sure upstream applies 
it), or remove the code altogether.


thanks,
Thijs
