Your message dated Wed, 20 Jun 2007 06:17:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#429179: fixed in libphp-phpmailer 1.73-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libphp-phpmailer
Severity: grave
Tags: security upstream
A remote shell command injection vulnerability has been reported:
https://sourceforge.net/tracker/index.php?func=detail&aid=1734811&group_id=26031&atid=385707
A stable security update is necessary for this bug.
Please mention the name CVE-2007-3215 in the changelog when fixing
this bug.
--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 1.73-4
We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive:
libphp-phpmailer_1.73-4.diff.gz
to pool/main/libp/libphp-phpmailer/libphp-phpmailer_1.73-4.diff.gz
libphp-phpmailer_1.73-4.dsc
to pool/main/libp/libphp-phpmailer/libphp-phpmailer_1.73-4.dsc
libphp-phpmailer_1.73-4_all.deb
to pool/main/libp/libphp-phpmailer/libphp-phpmailer_1.73-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kevin Coyner <[EMAIL PROTECTED]> (supplier of updated libphp-phpmailer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 16 Jun 2007 21:02:47 -0400
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source all
Version: 1.73-4
Distribution: unstable
Urgency: high
Maintainer: Kevin Coyner <[EMAIL PROTECTED]>
Changed-By: Kevin Coyner <[EMAIL PROTECTED]>
Description:
libphp-phpmailer - full featured email transfer class for PHP
Closes: 429179
Changes:
libphp-phpmailer (1.73-4) unstable; urgency=high
.
* High urgency upload for security bug fix.
* Apply patch to properly validate input to prevent shell command execution
in class.phpmailer.php. See CVE-2007-3215. Closes: #429179.
* Add dpatch as Build-Depends.
Files:
5231fb00c5ae2717e4ecc23943b80cfe 890 web optional libphp-phpmailer_1.73-4.dsc
0b238499f492de820badab0f199838e0 3002 web optional
libphp-phpmailer_1.73-4.diff.gz
ebdb4db2b236c62733a25b159a30ee77 64722 web optional
libphp-phpmailer_1.73-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRnjEdGz0hbPcukPfAQKrMwgAtKiKEx85CAPvzpwYQ5vJi9mu1iPkbnfU
0a0ICCzEP0WAqJjiChXWxSyQkkF1oRzp2vDJw7019ho2aJk7Gfxkm7CfaUCyv1Or
3TBOCCq5/wNb1CAZrx5P/vhduJ5a+URGmn/ViBwtZUcK7j/IRajxglh1BL2YGK9d
+jg6hELUmPkXSm6u8vG4lvoT8ZwUjM9edmh6t0QNvOUhFJGZpfk87Ec/ykb5UIkk
CYy6ad0vuhxXucMX86YtuSd079r0CNo+YZiBCHnEoTe0wig5JlkRjL1mg954eM6H
X2JFnbJDlHiExVR11D1MtHShEefxcypMW0MdG30mHtY7z+Qph5bFzw==
=bhjl
-----END PGP SIGNATURE-----
--- End Message ---
