Bug#429343: Needs to use libphp-phpmailer

[Moritz Muehlenhoff]

Package: ipplan
Severity: serious

Your package includes a copy of PHPMailer, which also is packaged as
libphp-phpmailer in the archive. You need to fix your package
to use the system-wide library. Otherwise it requires too much overhead
whenever a vulnerability in PHPMailer is found. (like right now CVE-2007-3215)

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#429343: Needs to use libphp-phpmailer

[Jan Wagner]

severity 429343 grave
merge 429193 429343

On Sunday 17 June 2007 12:43, Moritz Muehlenhoff wrote:
 Package: ipplan
 Severity: serious

 Your package includes a copy of PHPMailer, which also is packaged as
 libphp-phpmailer in the archive. You need to fix your package
 to use the system-wide library. Otherwise it requires too much overhead
 whenever a vulnerability in PHPMailer is found. (like right now
 CVE-2007-3215)

Hi Moritz,

thanks for your bugreport. There is allready a bug (429193) open about the 
issue. A bugfix is available at 
http://ftp.cyconet.org/debian/archive/official/ipplan/4.85-2/ipplan_4.85-2.dsc, 
but waiting for my sponsor. Since the debconf takes place and the package is 
not in stable, I don't feel any pressure at the moment.
Anyways, if anybody is willing to upload the package, feel free to do so.

Thanks and with kind regards, Jan.


pgpVny9uCL3Cd.pgp
Description: PGP signature