FYI, a patch has been included in recent upload of phpgroupware
(1:0.9.16.012+dfsg-9) in order to fix the code although it is normally not used.
Best regards,
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
Le dimanche 09 novembre 2008 à 08:59 +1100, Dave Hall a écrit :
Hi Thijs,
On Sat, 2008-11-08 at 21:52 +0100, Thijs Kinkhorst wrote:
On Sunday 2 November 2008 13:34, Steffen Joeris wrote:
+phpgroupware (0.9.16.011-2.3) stable-security; urgency=high
+
+ * Non-maintainer upload.
On Sunday 2 November 2008 13:34, Steffen Joeris wrote:
+phpgroupware (0.9.16.011-2.3) stable-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fix remote shell command execution in class.phpmailer.php :
+ CVE-2007-3215 (Closes: #504255).
Can someone from the security team
Hi Thijs,
On Sat, 2008-11-08 at 21:52 +0100, Thijs Kinkhorst wrote:
On Sunday 2 November 2008 13:34, Steffen Joeris wrote:
+phpgroupware (0.9.16.011-2.3) stable-security; urgency=high
+
+ * Non-maintainer upload.
+ * Fix remote shell command execution in class.phpmailer.php :
+
Package: phpgroupware-felamimail
Severity: grave
Version: 0.9.16.011-2.2
Tags: security patch
Hi,
The following CVE (Common Vulnerabilities Exposures) id was published for
PHPMailer, which affects the embedded copy shipped in
phpgroupware-felamimail[0].
CVE-2007-3215[1]:
PHPMailer 1.7, when
Le dimanche 02 novembre 2008 à 00:56 -0600, Raphael Geissert a écrit :
Hi,
The following CVE (Common Vulnerabilities Exposures) id was published for
PHPMailer, which affects the embedded copy shipped in
phpgroupware-felamimail[0].
CVE-2007-3215[1]:
PHPMailer 1.7, when configured to
Le dimanche 02 novembre 2008 à 11:13 +0100, Olivier Berger a écrit :
Thanks for spotting this problem.
The referred [2] patch is actually not exactly apllicable to the version
of class.phpmailer.php shipped in phpgroupware 0.9.11, and the correct
one is attached.
I'll try and work on
On Sun, 2 Nov 2008 09:49:32 pm Olivier Berger wrote:
Le dimanche 02 novembre 2008 à 11:13 +0100, Olivier Berger a écrit :
Thanks for spotting this problem.
The referred [2] patch is actually not exactly apllicable to the version
of class.phpmailer.php shipped in phpgroupware 0.9.11, and
Le dimanche 02 novembre 2008 à 00:56 -0600, Raphael Geissert a écrit :
However, it would be
better if phpgroupware-felamimail just depended on libphp-phpmailer (also
available in etch) and the include/require calls changed to use the copy
provided by that package, to avoid shipping yet
On Sun, 2 Nov 2008 11:34:28 pm Steffen Joeris wrote:
On Sun, 2 Nov 2008 09:49:32 pm Olivier Berger wrote:
Le dimanche 02 novembre 2008 à 11:13 +0100, Olivier Berger a écrit :
Thanks for spotting this problem.
The referred [2] patch is actually not exactly apllicable to the
version
Le dimanche 02 novembre 2008 à 23:34 +1100, Steffen Joeris a écrit :
Can someone from the security team take care of review and the upload ?
The patch looks good. I'll sponsor the upload. Thanks for your work.
Thanks.
P.S. If you want to use phpmailer stuff again, please use a dependency
11 matches
Mail list logo
