Debian Security Advisory
DLA-817-1 libphp-phpmailer -- LTS security update
- Date Reported:
- 06 Feb 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-5223.
- More information:
It was discovered that there was a local file disclosure vulnerability in libphp-phpmailer, a email transfer class for PHP, where insufficient parsing of HTML messages could potentially be used by attacker to read a local file.
For Debian 7
Wheezy, this issue has been fixed in libphp-phpmailer version 5.1-1.3+deb7u1.
We recommend that you upgrade your libphp-phpmailer packages.