View Issue Details

IDProjectCategoryView StatusLast Update
0005102mantisbtbugtrackerpublic2006-04-20 06:30
Reporterpolzin Assigned Tograngeway  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionno change required 
Product Version0.19.2 
Summary0005102: Mantis requires php 4.1, not 4.0.6 as announced
Description

core/email_api.php uses vsprintf, which is in PHP since 4.1.

http://manuals.phpforum.de/php/function.vsprintf.php
http://www.mantisbt.org/requirements.php

Either core/email_api should be changed or the requirements should be updated.
Otherwise updating to 0.19.2 might silently break this function on systems with 4.0.6!

TagsNo tags attached.

Relationships

child of 0005460 closedvboctor Critical Issues to Fix for Mantis 1.0.0 Release 

Activities

jferraz

jferraz

2005-01-12 11:47

reporter   ~0008973

We have a critical vulnerability on PHP with all versions up to 4.3.9, the use of any version older than 4.3.10 is extremely discouraged. Although it is a big step, we can use this to raise Mantis requirements.

polzin

polzin

2005-01-13 04:09

reporter   ~0008995

@jferraz: Is this "critical vulnerability" documented somewhere?

jferraz

jferraz

2005-01-13 08:38

reporter   ~0008997

http://www.php.net/release_4_3_10.php
http://secunia.com/advisories/13481/

grangeway

grangeway

2005-04-22 14:45

reporter   ~0009873

vsprintf is included in php_api.

grangeway

grangeway

2005-04-22 14:45

reporter   ~0009874

vsprintf is included in php_api.

Issue History

Date Modified Username Field Change
2005-01-12 06:33 polzin New Issue
2005-01-12 11:47 jferraz Note Added: 0008973
2005-01-13 04:09 polzin Note Added: 0008995
2005-01-13 08:38 jferraz Note Added: 0008997
2005-04-20 07:46 grangeway Relationship added child of 0005460
2005-04-22 14:45 grangeway Status new => resolved
2005-04-22 14:45 grangeway Resolution open => fixed
2005-04-22 14:45 grangeway Assigned To => grangeway
2005-04-22 14:45 grangeway Note Added: 0009873
2005-04-22 14:45 grangeway Note Added: 0009874
2005-04-22 14:45 grangeway Fixed in Version => 1.0.0a2
2005-04-25 07:47 vboctor Status resolved => closed
2006-04-10 10:04 vboctor Status closed => resolved
2006-04-10 10:04 vboctor Resolution fixed => no change required
2006-04-20 06:30 vboctor Status resolved => closed