[I read the ML, no need to CC me] Francois Marier wrote:
> (Please CC me on your replies, thanks) > > Hello, > > I have just uploaded mahara 1.0.4-3 to testing-proposed-updates in order to > fix these two RC bugs: > > 504170 - CVE-2008-4796: missing input sanitising in Snoopy.class.php > 504253 - CVE-2007-3215: remote shell command execution in class.phpmailer.php Just wondering, why don't you do the same for phpmailer? the package in lenny/sid is libphp-phpmailer. > > The fixes are quite small (as shown in the attached debdiff) and an upload > through unstable isn't possible since there is a new upstream version in > there already. > > Francois Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
