On Mon, 23 Nov 2009 06:40:19 pm Steffen Joeris wrote: > ------------------------------------------------------------------------ > Debian Security Advisory DSA-1938-1 security@debian.org > http://www.debian.org/security/ Steffen Joeris > November 23, 2009 http://www.debian.org/security/faq > ------------------------------------------------------------------------ > > Package : php-mail > Vulnerability : programming error > Problem type : remote > Debian-specific: no > CVE Id : No CVE id yet > > It was discovered that php-mail, a PHP PEAR module for sending email, > has insufficient input sanitising, which might be used to obtain > sensitive data from the system that uses php-mail. This is more code injection in general, but the above paragraph is not wrong. Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.