Candidate: CVE-2008-5619
PublicDate: 2008-12-17 02:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508909
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508628
 https://ubuntu.com/security/notices/USN-791-1
Description:
 html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer
 before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and
 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to
 execute arbitrary code via crafted input that is processed by the
 preg_replace function with the eval switch.
Ubuntu-Description:
Notes:
 mdeslaur> moodle recently copied roundcube's html2text due to their copy being
  non-free (1.8.2.dfsg-1)
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (1.8.2.dfsg-2)
dapper_moodle: not-affected (didn't get roundcube's html2text)
gutsy_moodle: needs-triage (reached end-of-life)
hardy_moodle: released (1.8.2-1ubuntu4.2)
intrepid_moodle: released (1.8.2-1.2ubuntu2.1)
jaunty_moodle: not-affected (1.9.4.dfsg-0ubuntu1)
devel_moodle: not-affected (1.9.4.dfsg-0ubuntu1)

Patches_roundcube:
 debdiff: https://bugs.launchpad.net/ubuntu/+source/roundcube/+bug/316550
upstream_roundcube: released (0.1.1-9)
dapper_roundcube: DNE
gutsy_roundcube: not-affected
hardy_roundcube: released (0.1~rc2-6ubuntu0.1)
intrepid_roundcube: released (0.1.1-7ubuntu0.1)
jaunty_roundcube: not-affected (0.1.1-10)
devel_roundcube: not-affected (0.1.1-10)