Package: phpgroupware Severity: grave Tags: security, patch Justification: user security hole
Hi Peter, the following CVE (Common Vulnerabilities & Exposures) id was published for egroupware-core. CVE-2007-3215[0]: | PHPMailer 1.7, when configured to use sendmail, allows remote | attackers to execute arbitrary shell commands via shell metacharacters | in the SendmailSend function in class.phpmailer.php. You'll find a patch for the issue here[1]. However, it would be nice, if you could depend against the libphp-phpmailer package, instead of shipping a copy of the code. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215 http://security-tracker.debian.net/tracker/CVE-2007-3215 [1] http://klecker.debian.org/~white/libphp-phpmailer/class.phpmailer.php.patch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]