Hi Thijs,

On Sat, 2008-11-08 at 21:52 +0100, Thijs Kinkhorst wrote:
> On Sunday 2 November 2008 13:34, Steffen Joeris wrote:
> > > +phpgroupware (0.9.16.011-2.3) stable-security; urgency=high
> > > +
> > > +  * Non-maintainer upload.
> > > +  * Fix remote shell command execution in class.phpmailer.php :
> > > +    CVE-2007-3215 (Closes: #504255).
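Review bot: The "Fix remote shell command execution in class.phpmailer.php" line names the file and CVE-2007-3215 but does not say what was changed. For a stable-security upload, state how the fix is made (for example the patch applied or the input that is now sanitised) so the change can be checked against the CVE. As a style point, drop the stray space before the colon after "class.phpmailer.php".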
> 
> > > Can someone from the security team take care of review and the upload ?
> >
> > The patch looks good. I'll sponsor the upload. Thanks for your work.
> 
> I am not sure on how this would be exploited. The code execution only happens 
> when choosing the 'sendmail' method of PhpMailer, which is not the default. I 
> cannot find a way to configure phpgroupware to use the 'sendmail' method.
> 
> Can someone enlighten me?

After a quick code check this was my conclusion as well.

Cheers

Dave



