[SECURITY] [DLA 792-1] libphp-swiftmailer security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libphp-swiftmailer
Version : 4.1.5-1+deb7u1
CVE ID : CVE-2016-10074
Debian Bug : 849626
Dawid Golunski from legalhackers-com [1] discovered that the mail
transport in Swift Mailer allowed remote attackers to pass extra
parameters to the mail command and consequently execute arbitrary code
via a \" (backslash double quote) in a crafted e-mail address in the
From, ReturnPath, or Sender header.
[1]
https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
For Debian 7 "Wheezy", these problems have been fixed in version
4.1.5-1+deb7u1.
We recommend that you upgrade your libphp-swiftmailer packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAliBCsJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQ6iA//TrRHL7SkfY9gJUbqXLfvGlbovKcbqSi0jA7b2pVlWWkWrW5YJET4i2iw
/vmmT4tE4CEoAhtgFGjj/mK75CisvEVIlNZLr11JAAR0guicv3NfWHXFOoj+CwIO
QUg5/iadRibxcs9pj+xEe5dEMjIPQZG6nfSnKDXoutLAPicDLfMyuwHN9M7QDK2c
eczvNWgZfQXEokOGRU0KiNHPRAFoDdpB4tMXL9KFcN48x+6dltAu2oyzd7mqJ5Qs
azvckPxwsWPwz5UN6AC+szQkeefuzp5L7BQ6DsOZaSjyWYPeg4xN/KVXXjb4Hn0i
ok7Gi9XmQi/UHIRj9ATPluhz6uMvEobwDq+sjhzfAl6p2IkteDjZ8o7NvAHqu4tR
9anltB2bQ4nTmOGGu4qjH8PZif/zHieZmC+3qMmKn/mI7QF1Y9EhslINQEX9xlKW
c9KMh4Vlpgc+6kZGoa6RoTCF9TuQp8laQhdlbtL7gbYDVPd04StEXLqEd8B3pzGg
wN75Uwa5q/ij9oAjJKdubxRlZe7gH/gDA9exhE0JCMPHdyQ+hvU//pIGhrBm9biH
/kkea4THTaG4ts1MRzmzZUbLdRz5uh+Nr/jaqaK2+z6tJM8fihjcxwfGCxQq858p
NfSfnrevkjeNgg2TDwQAiId7jNlmBl+Sgr256SthNtKLY6NkXW4=
=lQDY
-----END PGP SIGNATURE-----
Reply to: