Package: php5
Severity: important
Tags: security
Quoting from http://bugs.php.net/bug.php?id=35307:
Description:
------------
The unexpected header can be injected at the mb_send_mail function.
The mail function is doing the check of the unexpected control code to
"To" and "Subject".
However, the mb_send_mail function isn't doing a check.
By the feature of the function overload, mail function is exchanged for
the mb_send_mail function.
Therefore, it thinks that the check like the mail function is necessary
about the mb_send_mail function, too.
This has been assigned CVE-2005-3883 and it's fixed upstream in 5.1.0.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
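
The check the report says is applied to "To" and "Subject" by mail() but not by mb_send_mail can also be enforced in application code before the call. The following is an added example, not code from the bug report, from PHP upstream or from the Debian package; the function names header_value_is_clean and checked_mb_send_mail are hypothetical, the sample values are constructed, and refusing the message (rather than rewriting the value) is a choice made for this example. It assumes a PHP version with scalar type declarations and the mbstring extension.

```php
<?php
// Added example: hypothetical helper names, constructed sample input.

/**
 * True when a header value contains no CR, LF or NUL, so it cannot
 * end the current header line and begin another one.
 */
function header_value_is_clean(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 0;
}

/**
 * Validate "To" and "Subject" before handing them to mb_send_mail().
 * Returns false without sending when either value fails the check.
 */
function checked_mb_send_mail(string $to, string $subject, string $message,
                              string $headers = ''): bool
{
    foreach (['To' => $to, 'Subject' => $subject] as $name => $value) {
        if (!header_value_is_clean($value)) {
            // Log the field name only; the rejected value is untrusted.
            error_log("mail refused: control character in $name");
            return false;
        }
    }
    return mb_send_mail($to, $subject, $message, $headers);
}

// Constructed values run through the check only; nothing is sent here.
$samples = [
    'user@example.org',
    "Monthly report",
    "Monthly report\r\nX-Constructed: 1",
    "user@example.org\nX-Constructed: 1",
];
foreach ($samples as $sample) {
    printf("%-7s %s\n",
        header_value_is_clean($sample) ? 'accept' : 'reject',
        json_encode($sample));
}
```

Because the report notes that function overloading swaps mail() for mb_send_mail, the same validation is worth applying to any code path that calls mail() on a host where that overload is enabled.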