[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#429195: [CVE-2007-3215] remote shell command injection in PHPMailer

Package: flyspray
Severity: grave
Tags: security

A security bug has been discovered in PHPMailer:

| PHPMailer 1.7, when configured to use sendmail, allows remote
| attackers to execute arbitrary shell commands via shell metacharacters
| in the SendmailSend function in class.phpmailer.php


Your package contains a copy of PHPMailer.

Please mention the name CVE-2007-3215 in the changelog when fixing
this bug.  A security update for stable may be necessary.

PS: Please remove your copy of PHPMailer and use the package
libphp-phpmailer instead.

Reply to: