1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3750-2] libphp-phpmailer regression update

    From Thijs Kinkhorst@1:229/2 to All on Tue Jan 3 19:40:02 2017
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3750-2 [email protected] https://www.debian.org/security/ Thijs Kinkhorst January 3, 2017 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libphp-phpmailer
    CVE ID : CVE-2016-10033
    Debian Bug : 849365

    A functionally regression was discovered in some specific usage
    scenarios of PHPMailer following the security update of DSA-3750. New
    packages have been released which correct the problem. The original
    advisory text follows for referecen.

    Dawid Golunski discovered that PHPMailer, a popular library to send
    email from PHP applications, allowed a remote attacker to execute
    code if they were able to provide a crafted Sender address.

    Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch proposed for CVE-2016-10033. Because
    the origial patch was not applied in Debian, Debian was not vulnerable
    to CVE-2016-10045.

    For the stable distribution (jessie), this problem has been fixed in
    version 5.2.9+dfsg-2+deb8u3.

    For the unstable distribution (sid), this problem has been fixed in
    version 5.2.14+dfsg-2.2.

    We recommend that you upgrade your libphp-phpmailer packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQEcBAEBCAAGBQJYa+25AAoJEFb2GnlAHawEUs8IAKYahU2KZMkzgjYBA1lmZ+2U 0GubkSidGQMkljRSXBzqCC/1+VZxHSvIDThLT8UkD8KCExoKrqtmilfFz65m2Eo4 kFVLMz0uG+sv9G9pd4dPlkWusvQVLZaP7xceqqVlIbvmAjNoAJJQ3C8nXLJFqPW+ x7g/QHK6q4QzC5aOJCgHuTxsG3geTKI1aa4TfMtK9Akusk7QM8GmPjJW3F9vt19V +XW0SLmhPT7W/GY5PaYfNtZmrnhWCltSpMMsANkaHSEyqqMe7arPyhbdbZnh5Y3E PrNOK2sIEWI/P3PXm0w93z0T2pFLSjLXHD72rGtIvPy8PWmt76QnFocNE4dpwFY=
    =HZaN
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)