November 22, 2009, 4:00 pm
It was discovered that php-mail, a PHP PEAR module for sending email, has insufficient input sanitising, which might be used to obtain sensitive data from the system that uses php-mail.
For the oldstable distribution (etch), this problem has been fixed in version 1.1.6-2+etch1.
For the stable distribution (lenny), this problem has been fixed in version 1.1.14-1+lenny1.
For the testing distribution (squeeze), this problem will be fixed soon...