reassign 504283 egroupware
thanks

#504255 was already filed on phpgroupware, so I suppose that this one was meant for egroupware instead.
#504255 mentions a likely patch for egroupware, should felamimail still be around (even if a better fix may be to depend on updated libphp-phpmailer, of course).

HtH

Best regards,

On Sun, Nov 02, 2008 at 11:28:15PM +1100, Steffen Joeris wrote:
> Package: phpgroupware
> Severity: grave
> Tags: security, patch
> Justification: user security hole
>
> Hi Peter,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for egroupware-core.
>
> CVE-2007-3215[0]:
> | PHPMailer 1.7, when configured to use sendmail, allows remote
> | attackers to execute arbitrary shell commands via shell metacharacters
> | in the SendmailSend function in class.phpmailer.php.
>
> You'll find a patch for the issue here[1]. However, it would be nice,
> if you could depend against the libphp-phpmailer package, instead
> of shipping a copy of the code.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> Cheers
> Steffen
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215
>     http://security-tracker.debian.net/tracker/CVE-2007-3215
> [1]
> http://klecker.debian.org/~white/libphp-phpmailer/class.phpmailer.php.patch
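
The class of bug the quoted CVE text describes, shown as an added example that is not part of this thread, of PHPMailer, or of the linked patch: a sender value pasted into a sendmail command line that a shell parses, next to a quoted form. The function names and sample senders are constructed, a POSIX shell is assumed, and `echo` stands in for the sendmail binary so nothing is mailed.

```php
<?php
// Added illustration; not PHPMailer or egroupware code. Function names and
// sample senders are constructed. Assumes a POSIX shell; "echo" stands in
// for the sendmail binary so nothing is mailed.

// Unsafe: the sender is pasted into a string that /bin/sh will parse.
function sendmail_cmd_unsafe(string $sendmail, string $sender): string
{
    return sprintf('%s -oi -f %s -t', $sendmail, $sender);
}

// Hardened: quote the sender so the shell passes it on as one argument.
// Address validation alone is not enough, because syntactically valid
// local parts may still contain characters such as $ or |.
function sendmail_cmd_safe(string $sendmail, string $sender): string
{
    return sprintf(
        '%s -oi -f %s -t',
        escapeshellcmd($sendmail),
        escapeshellarg($sender)
    );
}

$samples = [
    'user@example.org',                 // ordinary sender
    'user@example.org; echo INJECTED',  // constructed: shell metacharacter
];

foreach ($samples as $sender) {
    foreach (['sendmail_cmd_unsafe', 'sendmail_cmd_safe'] as $build) {
        $cmd = $build('echo', $sender);
        // shell_exec() hands the string to the shell, as popen() does.
        $out = (string) shell_exec($cmd);
        printf(
            "%s\n  command: %s\n  output lines: %d\n",
            $build,
            $cmd,
            substr_count($out, "\n")
        );
    }
}
```

Only the unsafe builder with the second sample yields two output lines, because the shell splits the string at `;` and runs a second command; the quoted form always yields one.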