Solved: Re: SUPEE-6137 & SUPEE-2996

letssewllc · ‎05-26-2017

I got an email about there being these two updates for an SQL injection issue. I was wondering if this was legit because of the email addresses they came from.

The one for 6137 came from a cqlifoof@magento.com

The one for 2996 came from a avbgzyb@magento.com

I get the feeling that these two emails are not legit. Attached to them is a document called SUPEEFIX.doc and I am hesitant to download it. I am just wanting to know if either of these are legit and not an attempt at the ransomware stuff that has been going around.

Mukesh Tiwari · ‎05-27-2017

Hi @letssewllc

Do not download any attachment from these emails. These are for the fake patches which Magento did not release. All Magento1 patches can be downloaded from https://magento.com/tech-resources/download under release archive section.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

View solution in original post

letssewllc · ‎05-27-2017

It keeps happening with different numbers and a different "sender"

Mukesh Tiwari · ‎05-27-2017

Hi @letssewllc

Do not download any attachment from these emails. These are for the fake patches which Magento did not release. All Magento1 patches can be downloaded from https://magento.com/tech-resources/download under release archive section.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

letssewllc · ‎05-27-2017

@Mukesh Tiwari

Thanks, that is what I figured but I just wanted to be 100% sure

sherrie · ‎05-29-2017

Hi @letssewllc, what @Mukesh Tiwari said is correct. All the patches are available on the downloads page.

--

Developer Relations, Adobe Experience Cloud
Problem solved? Click Accept as Solution!
Still stuck? Check out our documentation: https://magento.com/resources/technical