On Mon, Nov 17, 2008 at 11:33:07AM +0100, Thijs Kinkhorst wrote:
> severity 504283 serious
> thanks
>
> Hi,
>
> I don't see a possibility to exploit this specific vulnerability in
> egroupware, because it is triggered when using the Sendmail backend, and
> there is no way to set this backend.
>
> Still, this doesn't excuse the shipping of a copy of libphp-phpmailer
> inside the package, which should be easy to fix for lenny and prevent
> these kinds of issues to pop up during the stable lifetime.
Lenny's phpmailer is 1.73, while egroupware uses 1.71. Since 1.72 drops
some functionality this might cause regressions. I think this can be
tagged lenny-ignore and fixed with upstream for Squeeze by moving to
a more recent phpmailer.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
