It is questionable that this is called a security vulnerability. The responsibility of sanitising the supplied e-mailaddresses is the domain of the person building an application on top of php-mail - blindly accepting any input and passing it on is not secure.
What php-mail does is add an extra layer of protection which is a good security *feature* but in my opinion not a bug in previous versions. Similarly you could state that the 'sendmail' command is buggy because it accepts random Bcc headers. -- php-mail vulnerable to header forgery https://bugs.launchpad.net/bugs/71738 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
