Commit dbdd9f22 authored by Helmut Hummel, committed by Oliver Hader

[SECURITY] Fix RCE in swiftmailer

A remote code execution vulnerability was fixed upstream
which is now also fixed in the code we deliver with TYPO3.

This is not a full upgrade of the library but a backport
of the security fix.

Change-Id: I17c960e0c087b011032754839a2dafb0e2e57b50
Resolves: #59573
Releases: 4.5, 4.6, 4.7, 6.0, 6.1, 6.2
Security-Commit: 59331a6bfbcba0f7f0683a3bd0726670f2e1c7b5
Security-Bulletin: TYPO3-CORE-SA-2014-002
Reviewed-on: http://review.typo3.org/33448


Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
parent 5c8081ad
......@@ -115,7 +115,7 @@ class Swift_Transport_SendmailTransport
if (false === strpos($command, ' -f'))
{
$command .= ' -f' . $this->_getReversePath($message);
$command .= ' -f' . escapeshellarg($this->_getReversePath($message));
}
$buffer->initialize(array_merge($this->_params, array('command' => $command)));
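Review bot: the escapeshellarg() call on the ' -f' line quotes the reverse path for the shell but does not check that it is a well-formed address or that it is non-empty. escapeshellarg('') returns '', so if _getReversePath($message) can return an empty value the command would carry an empty -f argument; consider validating the value first and skipping the option when there is nothing to pass. The surrounding strpos($command, ' -f') guard also matches any option that merely begins with -f, so a short comment on that intent would help. A regression test that sends a message whose reverse path contains quotes and spaces would document the fix for the backported branches.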
......