[geeklog-devel] PHP Vulns
dirk at haun-online.de
Sat Dec 18 04:09:46 EST 2004
>It looks like the code in Geeklog proper is OK but pear distributed with
>Geekloog and magpierss (used in spamx) use some of the vulnerable functions.
>At least Geeklog was not listed as a vulnerable script like:
Well, they surely can't test each and every open source project ...
I came to the same conclusion (that Geeklog is not affected) when the
vulnerabilities were announced on Thursday since I know that that core
code isn't using any of those functions. But I didn't check the 3rd-party
code. I doubt there's a way to exploit the vulnerabilities there, though.
More information about the geeklog-devel