[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 817-1] libphp-phpmailer security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libphp-phpmailer
Version        : 5.1-1.3+deb7u1
CVE ID         : CVE-2017-5223
Debian Bug     : #853232

It was discovered that there was a local file disclosure vulnerability in
libphp-phpmailer, a email transfer class for PHP, where insufficient parsing of
HTML messages could potentially be used by attacker to read a local file.

For Debian 7 "Wheezy", this issue has been fixed in libphp-phpmailer version
5.1-1.3+deb7u1.

We recommend that you upgrade your libphp-phpmailer packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAliYOsMACgkQHpU+J9Qx
HlhV4BAAoiPxzEcuo/886pJcR8ogmVvVCK5CBviEne259wRsSG7N2cZFuY8oYhY/
MhV+24YM0eNkclxk7KlHASRMXgsm1I+ocfpdbqFIiTDohDYBxx2R/KvwW2ohCqMK
4Z/QrbFVib+P9ZDkanqBUk+6uq5QfUEbUzcvC150Y4odIKC6h0F4lrfkoGgR2Kcp
CjoFmE8Dgdta0OS3n0XH+sYGBJJXFr02n0UsRHgM6rsjC6w6tK0TmbO9ZE+uiDqX
nS/A+M3pXxX6kaXZg4hPVTdxgIILztix347BgsTeIwotxd0bmysmirqXJfYA/fqy
pLb4Ps6rk3CAM0dviss9vWhd4Si9iT0HsaF3hQZFM8T+lOg3hSFnzfSlZCp3HHUw
koD0jLOcVWNjaeF6iF19mr6w0Gbgm4RJP/vw2uKoCflw4C8QvQVKYj1ecabXKN6b
urZHRiWGa6nu16EnIf9EJ1SUf7RhpABaGCg9Jd3Mhl5zS2n20uSTb9ktzkRbCAhG
PZ8nJdjpjwaerZeRt3G3nveW25LdPMQcAuNCgQL0xAWFhoGtckMjqPDdrV4lm8yC
x2kvbnVDFGbXqK2foin7p8s9AgG6PisTgOuy2BwVf3YzjkFx3LrMG+W9xt403XXJ
WuuF2ylc7NgeqclpWXHAP+E8B2lELMYgWeuOY6DTmjuH/8NvPAk=
=yOg7
-----END PGP SIGNATURE-----


Reply to: