[php-maint] Bug#341368: CVE-2005-3883: Injection of arbitrary
values into the To:-header of the md_send_mail() function
jmm at inutil.org
Wed Nov 30 09:08:57 UTC 2005
Quoting from http://bugs.php.net/bug.php?id=35307:
The unexpected header can be injected at the mb_send_mail function.
The mail function is doing the check of the unexpected control code to
"To" and "Subject".
However, the mb_send_mail function isn't doing a check.
By the feature of the function overload, mail function is exchanged for
the mb_send_mail function.
Therefore, it thinks that the check like the mail function is necessary
about the mb_send_mail function, too.
This has been assigned CVE-2005-3883 and it's fixed upstream in 5.1.0.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
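
Added example, not part of the original report and not PHP's upstream fix: one way for application code to apply a control-character check to the "To" and "Subject" values itself, so the check holds whichever of mail() or mb_send_mail() ends up sending. The names has_control_chars() and checked_mb_send_mail() are hypothetical, and the sample values are constructed.

```php
<?php
// Added illustration: refuse control characters in the To and Subject
// values before they reach mb_send_mail(). This is a strict reject
// policy chosen for the example, not the check PHP implements.

function has_control_chars(string $value): bool
{
    // Any C0 control character or DEL. This covers CR, LF and NUL,
    // and also TAB, so folded header values are refused as well.
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
}

function checked_mb_send_mail(string $to, string $subject, string $message): bool
{
    foreach (['To' => $to, 'Subject' => $subject] as $name => $value) {
        if (has_control_chars($value)) {
            // Fail closed instead of trying to repair the value.
            throw new InvalidArgumentException("control character in $name value");
        }
    }
    // Requires the mbstring extension.
    return mb_send_mail($to, $subject, $message);
}

// Constructed sample values; nothing is sent by this loop.
$samples = [
    'user@example.org',
    "user@example.org\r\nBcc: other@example.org",
    "Monthly report\n",
];

foreach ($samples as $sample) {
    printf(
        "%-48s %s\n",
        json_encode($sample),
        has_control_chars($sample) ? 'rejected' : 'accepted'
    );
}
```

Only the first sample is accepted; the other two contain CR or LF and are rejected before any mail function is called.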