On Sun, 2 Nov 2008 09:49:32 pm Olivier Berger wrote:
> Le dimanche 02 novembre 2008 à 11:13 +0100, Olivier Berger a écrit :
> > Thanks for spotting this problem.
> >
> > The referred [2] patch is actually not exactly applicable to the version
> > of class.phpmailer.php shipped in phpgroupware 0.9.11, and the correct
> > one is attached.
> >
> > I'll try and work on preparing a patched package later today.
> >
> > Best regards,
> Here's a proposed change for the source package, that should solve this
> problem.
>
> $ interdiff -z phpgroupware_0.9.16.011-2.2.diff.gz
> phpgroupware_0.9.16.011-2.3.diff.gz diff -u
> phpgroupware-0.9.16.011/debian/changelog
> phpgroupware-0.9.16.011/debian/changelog ---
> phpgroupware-0.9.16.011/debian/changelog
> +++ phpgroupware-0.9.16.011/debian/changelog
> @@ -1,3 +1,11 @@
> +phpgroupware (0.9.16.011-2.3) stable-security; urgency=high
> +
> + * Non-maintainer upload.
> + * Fix remote shell command execution in class.phpmailer.php :
> + CVE-2007-3215 (Closes: #504255).
> +
> + -- Olivier Berger <[EMAIL PROTECTED]> Sun, 02 Nov 2008
> 11:36:15 +0100 +
> phpgroupware (0.9.16.011-2.2) unstable; urgency=low
>
> * Non-maintainer upload.
> only in patch2:
> unchanged:
> --- phpgroupware-0.9.16.011.orig/felamimail/inc/class.phpmailer.inc.php
> +++ phpgroupware-0.9.16.011/felamimail/inc/class.phpmailer.inc.php
> @@ -591,9 +591,9 @@
> */
> function sendmail_send($header, $body) {
> if ($this->Sender != "")
> - $sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail,
> $this->Sender); + $sendmail = sprintf("%s -oi -f %s -t",
> escapeshellcmd($this->Sendmail), escapeshellarg($this->Sender)); else
> - $sendmail = sprintf("%s -oi -t", $this->Sendmail);
> + $sendmail = sprintf("%s -oi -t", escapeshellcmd($this->Sendmail));
>
> if([EMAIL PROTECTED] = popen($sendmail, "w"))
> {
> ---------------------
>
> Note that I haven't tested phpgroupware-felamimail to see if this patch is
> valid.
>
> I'm not so sure about the changelog format also... and in any case, I can't
> upload it.
>
> Can someone from the security team take care of review and the upload?

The patch looks good. I'll sponsor the upload. Thanks for your work.
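Review bot: In the sendmail_send hunk the two values get the right treatment for what they are: $this->Sender, the only part of the command line that a remote user can influence, goes through escapeshellarg() so it is passed to popen() as a single quoted argument, while $this->Sendmail, the locally configured program path which may legitimately carry options, goes through escapeshellcmd(), and the else branch is changed consistently. Two things to check before applying it from this mail rather than from the attached file: the mail wrapping has run the removed `$this->Sender);` line together with the added `+ $sendmail = sprintf(...)` line, and the trailing context line now reads `if([EMAIL PROTECTED] = popen($sendmail, "w"))`, which is the list archive's address obfuscation and not part of the patch. It would also be worth confirming during review that this is the only place in class.phpmailer.inc.php where Sender reaches a shell command.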
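Review bot: The changelog entry names the wrong file: it says "class.phpmailer.php" while the file actually modified in the second diff is felamimail/inc/class.phpmailer.inc.php. Suggest making the bullet read "Fix remote shell command execution in felamimail/inc/class.phpmailer.inc.php: CVE-2007-3215 (Closes: #504255)." so that the entry matches the patch and the security tracker can find the affected file; the suite and urgency on the version line are otherwise as expected for a stable-security NMU.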
Cheers

Steffen

P.S. If you want to use phpmailer stuff again, please use a dependency against libphp-phpmailer ;)