[Pkg-roundcube-maintainers] Bug#508628: roundcube: remote code execution vuln in html2text.php, uses preg_replace with "e".
Florian Weimer
fw at deneb.enyo.de
Sun Dec 14 18:31:03 UTC 2008
* Andreas Henriksson:
> If you want something to investigate, both moodle and horde3 have
> "html2text.php" files, although different - they both use the e modifier
> together with preg_replace.
I think we need to prevent exploitation at the PHP level, even if it
breaks backwards compatibility. 8-/
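
An added example, not part of the original message and not code from roundcube, moodle or horde3: a heuristic Python scan for PHP string literals that look like PCRE patterns carrying the `e` modifier, which is how one would audit other html2text.php copies for the pattern discussed above. The function names and the sample PHP are constructed for illustration.

```python
import re

# Modifier letters PHP's PCRE functions accept after the closing delimiter.
PCRE_MODIFIERS = set("imsxeADSUXJu")
# Bracket-style delimiters close with a different character than they open.
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}
# A single- or double-quoted PHP string literal, honouring backslash escapes.
STRING_LITERAL = re.compile(r"'((?:[^'\\]|\\.)*)'" + r'|"((?:[^"\\]|\\.)*)"', re.S)

# Constructed sample input (not taken from any real project).
SAMPLE = r'''<?php
$search = array(
    '/<script[^>]*>.*?<\/script>/i',
    '/<h[1-3]>(.*?)<\/h[1-3]>/ie',
    "#<b[^>]*>(.*?)</b>#ie",
);
$path = '/usr/share/include';
$text = preg_replace($search, $replace, $text);
'''

def eval_modifier(literal):
    """Return the modifier string if literal looks like a PCRE pattern with 'e'."""
    if len(literal) < 3:
        return None
    opener = literal[0]
    # A PHP delimiter is any non-alphanumeric, non-backslash, non-whitespace char.
    if opener.isalnum() or opener.isspace() or opener == "\\":
        return None
    closer = CLOSERS.get(opener, opener)
    end = literal.rfind(closer)
    if end <= 0:
        return None
    mods = literal[end + 1:]
    return mods if "e" in mods and set(mods) <= PCRE_MODIFIERS else None

def scan_php(source):
    """Return (line_number, literal, modifiers) for each suspicious literal."""
    findings = []
    for m in STRING_LITERAL.finditer(source):
        literal = m.group(1) if m.group(1) is not None else m.group(2)
        mods = eval_modifier(literal)
        if mods:
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, literal, mods))
    return findings

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

The scan works on literals rather than on `preg_replace` call sites because the patterns may live in an array defined far from the call. It misses patterns assembled at runtime and can flag an ordinary string that happens to have this shape, so treat hits as leads for manual review.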