Debian Security Advisory
DLA-1591-1 libphp-phpmailer -- LTS security update
- Date Reported:
- 23 Nov 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-5223, CVE-2018-19296.
- More information:
It was discovered that there were two vulnerabilities libphp-phpmailer, an email library for the PHP programming language:
Local file disclosure vulnerability via relative path HTML transformations.
Object injection attack.
For Debian 8
Jessie, this issue has been fixed in libphp-phpmailer version 5.2.9+dfsg-2+deb8u4.
We recommend that you upgrade your libphp-phpmailer packages.