CVE-2008-5619

Publication date 17 December 2008

Last updated 24 July 2024

Ubuntu priority

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
moodle	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 1.8.2-1.2ubuntu2.1
	8.04 LTS hardy	Fixed 1.8.2-1ubuntu4.2
	7.10 gutsy	Ignored
	6.06 LTS dapper	Not affected
roundcube	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 0.1.1-7ubuntu0.1
	8.04 LTS hardy	Fixed 0.1~rc2-6ubuntu0.1
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not in release

Notes

mdeslaur

moodle recently copied roundcube's html2text due to their copy being non-free (1.8.2.dfsg-1)

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
roundcube	Debdiff: https://bugs.launchpad.net/ubuntu/+source/roundcube/+bug/316550

References

Related Ubuntu Security Notices (USN)