PublicDate: 2007-10-13 00:17:00 UTC
Candidate: CVE-2007-5208
References: 
 https://ubuntu.com/security/notices/USN-530-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208
Description:
 hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and
 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary
 commands via shell metacharacters in a from address, which is not properly
 handled when invoking sendmail.
Ubuntu-Description: 
Notes: 
 kees> ran as a non-root user prior to Gutsy.
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS: 
upstream_hplip: released (2.7.10)
dapper_hplip: not-affected
edgy_hplip: released (1.6.9-0ubuntu2.1)
feisty_hplip: released (1.7.3-0ubuntu1.1)
gutsy_hplip: released (2.7.7.dfsg.1-0ubuntu5)
devel_hplip: not-affected (2.7.10-3)