| Name | CVE-2005-3883 |
| Description | CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 341368, 341726 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| php4 | source | (unstable) | 4:4.4.2-1 | medium | 341726 | |
| php5 | source | (unstable) | 5.1.1-1 | medium | 341368 |
[sarge] - php4 <no-dsa> (application's job to sanitize input)