Commit 4079e1a4 authored by Helmut Hummel, committed by Oliver Hader

[SECURITY] Fix RCE in swiftmailer

A remote code execution vulnerability was fixed upstream
which is now also fixed in the code we deliver with TYPO3.

This is not a full upgrade of the library but a backport
of the security fix.

Change-Id: I9709d45dd18a84f73c556696338b417dfb18c1f7
Resolves: #59573
Releases: 4.5, 4.6, 4.7, 6.0, 6.1, 6.2
Security-Commit: 9dc4f8e903fe9d6ee7a6dcfbbb5cf16471b13952
Security-Bulletin: TYPO3-CORE-SA-2014-002
Reviewed-on: http://review.typo3.org/33450

Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
parent c4def092
......@@ -115,7 +115,7 @@ class Swift_Transport_SendmailTransport
if (false === strpos($command, ' -f'))
{
$command .= ' -f' . $this->_getReversePath($message);
$command .= ' -f' . escapeshellarg($this->_getReversePath($message));
}
$buffer->initialize(array_merge($this->_params, array('command' => $command)));
......
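Review bot: The value from `_getReversePath($message)` is only quoted, not validated, on the line `$command .= ' -f' . escapeshellarg($this->_getReversePath($message));`. escapeshellarg() keeps it a single shell word, which closes the command injection, but whatever the message supplies as reverse path is still handed to the sendmail binary as the `-f` argument. Consider rejecting a reverse path that is not a syntactically valid address before the command string is built, so the transport fails early instead of relying on quoting alone. A one-line comment above the call stating that the reverse path is message-controlled would also help keep the escaping from being dropped in a later refactoring, and a regression test with a sender containing quotes and whitespace would pin the behaviour. The surrounding `strpos($command, ' -f')` check is unchanged, so a configured command that already contains ` -f` still bypasses this branch; that is fine as long as the configured command is trusted input.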