CVE-2007-3215: remote shell command execution in class.phpmailer.php
Bug #293003 reported by François Marier
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Debian | Fix Released | Unknown | |
mahara (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: mahara
Mahara has an embedded copy of phpmailer which is vulnerable to this:
CVE-2007-3215[1]:
> PHPMailer 1.7, when configured to use sendmail, allows remote attackers to
> execute arbitrary shell commands via shell metacharacters in the
> SendmailSend function in class.phpmailer
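
The class of bug described in the CVE text above, shown as an added example that is not part of the original report and is not PHPMailer's or Mahara's code: a sender address formatted into a sendmail command line unquoted, beside a hardened version. The function names, the sendmail flags and the sample inputs are assumptions made for illustration; the commands are only built and printed, never executed.

```php
<?php
// Added illustration. Function names are hypothetical, not PHPMailer's API.

// Unsafe pattern: the sender is pasted into the command line unquoted, so
// any shell metacharacters in it would be interpreted by the shell once the
// string is handed to popen() or similar.
function build_sendmail_cmd_unsafe(string $sendmail, string $sender): string
{
    return sprintf('%s -oi -f %s -t', $sendmail, $sender);
}

// Hardened pattern: accept only a plain address (allow-list, must start with
// an alphanumeric so it cannot be read as an option), then quote both the
// binary path and the argument before they reach the shell.
function build_sendmail_cmd_safe(string $sendmail, string $sender): string
{
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._+-]*@[A-Za-z0-9.-]+\z/', $sender)) {
        throw new InvalidArgumentException('sender rejected: unexpected characters');
    }
    return sprintf('%s -oi -f %s -t', escapeshellcmd($sendmail), escapeshellarg($sender));
}

// Constructed inputs: one ordinary address, one carrying a metacharacter.
$sendmail = '/usr/sbin/sendmail';
$samples  = ['user@example.org', 'user@example.org; echo INJECTED'];

foreach ($samples as $sender) {
    echo 'unsafe: ', build_sendmail_cmd_unsafe($sendmail, $sender), "\n";
    try {
        echo 'safe:   ', build_sendmail_cmd_safe($sendmail, $sender), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'safe:   ', $e->getMessage(), "\n";
    }
}

// Quoting alone also keeps the second sample a single, inert argument.
echo 'quoted: ', escapeshellarg($samples[1]), "\n";
```
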
Changed in mahara:
status: Fix Committed → Fix Released
Changed in debian:
status: Unknown → Fix Released
(Note that I am both the Debian maintainer and one of the upstream developers of this project)
I have a backport of this fix available in my PPA:
deb http://ppa.launchpad.net/fmarier/ubuntu intrepid main
(mahara_1.0.4-1ubuntu1~ppa1)
Francois