On Fri, Oct 18, 2013 at 5:10 PM, Marcos García <marcos...@gmail.com> wrote:
> I think we all knew about these vulnerabilities... And if not, we have been
> warned about them months ago...
>
> But it is great that you fixed them.
>

But I however do not understand well if they are fixed or if they just have a temporary hack to prevent them, but as the text states, it doesn't work in all situations?

Rgds
Saxa

> Regards,
>
>
> *Marcos García*
>
> marcos...@gmail.com
>
>
>
> 2013/10/18 Doursenaud, Raphaël <rdoursen...@gpcsolutions.fr>
>
>> 2013/10/17 Laurent Léonard <laur...@open-minds.org>
>>
>>> As specified at the end of the article you pointed, those
>>> vulnerabilities are
>>> fixed in Dolibarr 3.4.1:
>>>
>>
>> It also says "However, their sanitization methods were not fixed, and no
>> mention was made on a future patch. Other SQLi vectors are likely." in the
>> introduction.
>>
>> We should think about converting the source code to use parametrized
>> queries. Maybe in a 4.0 branch?
>> What's your opinion?
>> --
>> *Raphaël Doursenaud*
>> 05 35 53 97 13 - 06 68 48 20 10
>> rdoursen...@gpcsolutions.fr
>> http://gpcsolutions.fr
>> Technopole Hélioparc
>> 2 avenue du Président Pierre Angot
>> 64053 PAU CEDEX 9
>> SARL GPC.solutions au capital de 7 500 € - R.C.S. PAU 528 995 921
>> <https://www.google.com/a/partnersearch/#partner?partner_id=46687933_a0n60000000sqpWAAQ>
>> <http://wiki.dolibarr.org/index.php/Dolibarr_suppliers_France#GPC.solutions>
>>
>
_______________________________________________ Dolibarr-dev mailing list Dolibarr-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
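The thread contrasts escape-based sanitization of query strings with the parametrized queries Raphaël proposes. The following is an added example, not code from this thread or from Dolibarr itself: it shows both styles side by side using PHP's PDO over an in-memory SQLite database (assumes the pdo_sqlite extension is available; the `societe` table and its rows are constructed for the demonstration). An ordinary value containing an apostrophe is enough to break the concatenated query, which is the same code path an attacker-controlled value would reach if an escape call were forgotten, while the bound parameter is handled as data regardless of its content.

```php
<?php
// Added example (not Dolibarr code): string-built query vs. parametrized query.
// Uses PDO with the SQLite driver; table and data are constructed for the demo.

function setupDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Hypothetical table name, chosen to resemble an ERP "company" table.
    $db->exec("CREATE TABLE societe (rowid INTEGER PRIMARY KEY, nom TEXT)");
    // Note the doubled quote: literal SQL needs manual escaping to be valid.
    $db->exec("INSERT INTO societe (nom) VALUES ('Acme'), ('O''Brien Ltd')");
    return $db;
}

// Fragile style: the caller must escape every value before it reaches the
// query text. A value with a quote breaks the SQL, and any code path that
// skips the escape step turns into an injection point.
function findByNameConcat(PDO $db, string $name): array
{
    $sql = "SELECT rowid, nom FROM societe WHERE nom = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Robust style: the SQL text is fixed at prepare time and the value is sent
// separately as a bound parameter, so quoting is never the caller's problem.
function findByNameParam(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT rowid, nom FROM societe WHERE nom = :nom");
    $stmt->execute([':nom' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = setupDb();
$input = "O'Brien Ltd";   // ordinary user input that happens to contain a quote

try {
    print_r(findByNameConcat($db, $input));
} catch (PDOException $e) {
    // The apostrophe terminates the string literal, so SQLite rejects the query.
    echo "concatenated query failed: " . $e->getMessage() . PHP_EOL;
}

// The bound parameter is compared as a plain value and finds the row.
print_r(findByNameParam($db, $input));
```

Run with `php example.php`. The design point for a migration like the one discussed above is that `findByNameParam` needs no per-call escaping discipline: a review can check that no user-controlled value is concatenated into SQL text, which is a far simpler property to audit than "every value was escaped correctly everywhere".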