CVE-2012-0796
Published: 17 July 2012
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
moodle Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
| quantal |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
| raring |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
| saucy |
Not vulnerable
(1.9.9.dfsg2-6)
|
|
| upstream |
Released
(1.9.16)
|
|
|
Patches: upstream: http://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9 |
||