Bug#429191: [CVE-2007-3215] remote shell command injection in PHPMailer

To: submit@bugs.debian.org
Subject: Bug#429191: [CVE-2007-3215] remote shell command injection in PHPMailer
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 16 Jun 2007 11:13:08 +0200
Message-id: <[🔎] E1HzULE-0002Nr-BB@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 429191@bugs.debian.org

Package: flyspray
Severity: grave
Tags: security

A security bug has been discovered in PHPMailer:

| PHPMailer 1.7, when configured to use sendmail, allows remote
| attackers to execute arbitrary shell commands via shell metacharacters
| in the SendmailSend function in class.phpmailer.php

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3215>
<https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707>

Your package contains a copy of PHPMailer.

Please mention the name CVE-2007-3215 in the changelog when fixing
this bug.  A security update for stable may be necessary.

PS: Please remove your copy of PHPMailer and use the package
libphp-phpmailer instead.

Reply to:

Follow-Ups:
- Bug#429191: marked as done ([CVE-2007-3215] remote shell command injection in PHPMailer)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#429195: [CVE-2007-3215] remote shell command injection in PHPMailer
Next by Date: Processed: merging 429191 429195
Previous by thread: Bug#429195: marked as done ([CVE-2007-3215] remote shell command injection in PHPMailer)
Next by thread: Bug#429191: marked as done ([CVE-2007-3215] remote shell command injection in PHPMailer)
Index(es):
- Date
- Thread