1
Candidate: CVE-2009-4023
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4023
6
Argument injection vulnerability in the sendmail implementation of the
7
Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR
8
allows remote attackers to read and write arbitrary files via a crafted
9
$from parameter, a different vector than CVE-2009-4111.
13
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557121
14
http://pear.php.net/bugs/bug.php?id=16200
20
vendor: http://www.debian.org/security/2009/dsa-1938
21
upstream_php-mail: needs-triage
22
dapper_php-mail: released (1.1.6-2+etch1build0.6.06.1)
23
hardy_php-mail: released (1.1.6-2+etch1build0.8.04.1)
24
intrepid_php-mail: released (1.1.14-1+lenny1build0.8.10.1)
25
jaunty_php-mail: released (1.1.14-1+lenny1build0.9.04.1)
26
karmic_php-mail: released (1.1.14-1+lenny1build0.9.10.1)
27
devel_php-mail: not-affected (1.1.14-2)