CVE-2008-5619
Published: 17 December 2008
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Notes
| Author | Note |
|---|---|
| mdeslaur | moodle recently copied roundcube's html2text due to their copy being non-free (1.8.2.dfsg-1) |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
moodle Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(didn't get roundcube's html2text)
|
| gutsy |
Ignored
(end of life, was needs-triage)
|
|
| hardy |
Released
(1.8.2-1ubuntu4.2)
|
|
| intrepid |
Released
(1.8.2-1.2ubuntu2.1)
|
|
| jaunty |
Not vulnerable
(1.9.4.dfsg-0ubuntu1)
|
|
| upstream |
Released
(1.8.2.dfsg-2)
|
|
|
roundcube Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Not vulnerable
|
|
| hardy |
Released
(0.1~rc2-6ubuntu0.1)
|
|
| intrepid |
Released
(0.1.1-7ubuntu0.1)
|
|
| jaunty |
Not vulnerable
(0.1.1-10)
|
|
| upstream |
Released
(0.1.1-9)
|
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/roundcube/+bug/316550 |
||