Candidate: CVE-2012-0796
PublicDate: 2012-07-17 10:20:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0796
 http://openwall.com/lists/oss-security/2012/01/20/22
Description:
 class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x
 before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before
 2.2.1 and other products, allows remote authenticated users to inject
 arbitrary e-mail headers via vectors involving a crafted (1) From: or (2)
 Sender: header.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9
upstream_moodle: released (1.9.16)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: ignored (reached end-of-life)
maverick_moodle: ignored (reached end-of-life)
natty_moodle: ignored (reached end-of-life)
oneiric_moodle: ignored (reached end-of-life)
precise_moodle: not-affected (1.9.9.dfsg2-6)
quantal_moodle: not-affected (1.9.9.dfsg2-6)
raring_moodle: not-affected (1.9.9.dfsg2-6)
saucy_moodle: not-affected (1.9.9.dfsg2-6)
devel_moodle: not-affected (1.9.9.dfsg2-6)