Package: php5 Severity: important Tags: security Quoting from http://bugs.php.net/bug.php?id=35307:
Description: ------------ The unexpected header can be injected at the mb_send_mail function. The mail function is doing the check of the unexpected control code to "To" and "Subject". However, the mb_send_mail function isn't doing a check. By the feature of the function overload, mail function is exchanged for the mb_send_mail function. Therefore, it thinks that the check like the mail function is necessary about the mb_send_mail function, too. This has been assigned CVE-2005-3883 and it's fixed upstream in 5.1.0. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]