[Vtigercrm-developers] vTiger multiple vulnerabilities
Brett Hooker
brett.hooker at saucesoft.com
Wed Aug 23 16:55:51 PDT 2006
Business users will need a patch as they have to weigh up testing and
learning the latest features, versus fixing a security hole right now.
Inclusion in the trunk is assumed.
Mike Fedyk wrote:
>
> If there are any patches published, they should go into the 4.2.5
> release. No more "patch" releases. That is what point releases are for.
>
>
>
> ------------------------------------------------------------------------
>
> *From:* vtigercrm-developers-bounces at lists.vtigercrm.com
> [mailto:vtigercrm-developers-bounces at lists.vtigercrm.com] *On Behalf
> Of *Gopal
> *Sent:* Tuesday, August 22, 2006 9:23 PM
> *To:* vtigercrm-developers at lists.vtigercrm.com
> *Subject:* Re: [Vtigercrm-developers] vTiger multiple vulnerabilities
>
>
>
> Dear Mike O'Loan,
>
> Thanks for notifying issues in some of the modules. We will ensure
> that these issues are fixed immediately. If required we will release a
> patch for v4.2.3 immediately.
>
> Regards,
> Gopal
> ---
> S.S.G.Gopal
> skype: sripadag
> ph: +1 877 788 4437
> blog: http://gopal.vtiger.com
>
>
>
>
> ---- On Tue, 22 Aug 2006 *Mike O'Loan <mike.oloan at saucesoft.com>*
> wrote ----
>
> The following files still have the same SQL injection vulnerability,
> carried over from vTiger 4.2.3. Although these aren't a problem with
> magic_quotes_gpc turned ON, it still needs to be fixed. It has been
> fixed in other modules by putting the PearDatabase::quote() function
> around any variable that needs to be placed in an SQL statement.
>
> Affected files:
> modules\Faq\ListView.php
> modules\HelpDesk\ListView.php
> modules\Invoice\Popup.php
> modules\Leads\ListView.php
> modules\Leads\Popup.php
> modules\Products\Popup.php
>
> Implementing this would reduce the SQL injection vulnerability for
> vTiger 4.2.x
>
> --
> Mike O'Loan
> Chief Technical Officer
> Sauce Software Pty Ltd
>
>
> http://saucesoft.com
> Phone: +61 1300 559 165
> Fax: +61 7 3009 0442
> Email: mike.oloan at saucesoft.com <mailto:mike.oloan at saucesoft.com>
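An added example, not part of the original thread and not vtiger code: it shows the fix pattern described in the quoted report, where a request value is concatenated into a list query and then wrapped in a quoting call. The `leads` table, the sample rows and `quote_value()` (a hypothetical stand-in for `PearDatabase::quote()`, whose implementation is not shown in the thread) are assumptions, and the script assumes PHP 7+ with the `pdo_sqlite` extension.

```php
<?php
// Added illustration. Table, rows and function names are constructed for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE leads (id INTEGER PRIMARY KEY, lastname TEXT, owner TEXT)");
$db->exec("INSERT INTO leads (lastname, owner) VALUES
           ('Smith', 'alice'), ('Jones', 'bob'), ('Brown', 'bob')");

// Hypothetical stand-in for the quoting call named in the thread:
// escapes the value for the driver and wraps it in single quotes.
function quote_value(PDO $db, string $value): string {
    return $db->quote($value);
}

// Before: the value is pasted between hand-written quotes. This only holds
// up when magic_quotes_gpc has already escaped the input.
function list_unquoted(PDO $db, string $lastname): array {
    $sql = "SELECT id, lastname FROM leads WHERE owner = 'alice' "
         . "AND lastname = '" . $lastname . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the same query with the value passed through the quoting call,
// so it stays a string literal regardless of the server's magic_quotes setting.
function list_quoted(PDO $db, string $lastname): array {
    $sql = "SELECT id, lastname FROM leads WHERE owner = 'alice' "
         . "AND lastname = " . quote_value($db, $lastname);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Alternative not mentioned in the thread: a bound parameter keeps the value
// out of the SQL text entirely.
function list_prepared(PDO $db, string $lastname): array {
    $stmt = $db->prepare(
        "SELECT id, lastname FROM leads WHERE owner = 'alice' AND lastname = ?");
    $stmt->execute([$lastname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input, as it arrives when magic_quotes_gpc is OFF.
$input = "x' OR '1'='1";

printf("unquoted: %d rows\n", count(list_unquoted($db, $input)));  // 3: owner filter bypassed
printf("quoted:   %d rows\n", count(list_quoted($db, $input)));    // 0
printf("prepared: %d rows\n", count(list_prepared($db, $input)));  // 0
printf("quoted, legitimate value: %d rows\n",
       count(list_quoted($db, "Smith")));                          // 1
```

Quoting of this kind protects values used as string literals; a value placed in a numeric position needs an integer cast or a bound parameter instead.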