On Sunday 2 November 2008 13:34, Steffen Joeris wrote: > > +phpgroupware (0.9.16.011-2.3) stable-security; urgency=high > > + > > + * Non-maintainer upload. > > + * Fix remote shell command execution in class.phpmailer.php : > > + CVE-2007-3215 (Closes: #504255).
> > Can someone from the security team take care of review and the upload ? > > The patch looks good. I'll sponsor the upload. Thanks for your work. I am not sure on how this would be exploited. The code execution only happens when choosing the 'sendmail' method of PhpMailer, which is not the default. I cannot find a way to configure phpgroupware to use the 'sendmail' method. Can someone enlighten me? cheers, Thijs
pgpoWHs8VmWZs.pgp
Description: PGP signature
