mahara-packaging team mailing list archive

Thread
Date

[Bug 293003] Re: CVE-2007-3215: remote shell command execution in class.phpmailer.php

To: mahara-packaging@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <293003@xxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Aug 2011 06:32:24 -0000
Reply-to: Bug 293003 <293003@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: debian
       Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Mahara
Packaging, which is subscribed to mahara in Ubuntu.
https://bugs.launchpad.net/bugs/293003

Title:
  CVE-2007-3215: remote shell command execution in class.phpmailer.php

Status in “mahara” package in Ubuntu:
  Fix Released
Status in Debian GNU/Linux:
  Fix Released

Bug description:
  Binary package hint: mahara

  Mahara has an embedded copy of phpmailer which is vulnerable to this:

  CVE-2007-3215[1]:
  > PHPMailer 1.7, when configured to use sendmail, allows remote attackers to
  > execute arbitrary shell commands via shell metacharacters in the
  > SendmailSend function in class.phpmailer.php.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/293003/+subscriptions