[SECURITY] [DLA 1591-1] libphp-phpmailer security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1591-1] libphp-phpmailer security update
From: Chris Lamb <lamby@debian.org>
Date: Fri, 23 Nov 2018 04:41:54 -0500
Message-id: <[🔎] 1542966114.3445373.1586414072.08E7C571@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libphp-phpmailer
Version        : 5.2.9+dfsg-2+deb8u4
CVE IDs        : CVE-2017-5223 CVE-2018-19296

It was discovered that there were two vulnerabilities libphp-phpmailer, an
email library for the PHP programming language:

  * CVE-2017-5223: Local file disclosure vulnerability via relative path
    HTML transformations.

  * CVE-2018-19296: Object injection attack.

For Debian 8 "Jessie", this issue has been fixed in libphp-phpmailer version
5.2.9+dfsg-2+deb8u4.

We recommend that you upgrade your libphp-phpmailer packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlv3y1IACgkQHpU+J9Qx
HliU8BAAtr8bEDPNoCYMmRIa39i/IWQp7cRW3NjF0iP6Kp6mR1/ZLICG1Xfs807B
B+S8WkKQPvo9OguBKbFLLKu1HncKkeC49Yc/+9KXI9XlPtquhZ/nLlMAhcAfVv2e
Nn67fCQT9Bua7wxtQ9pWZmabQm4WJsa614cTrxSjpmySFPms+S4uU+JlVzrtK0Q5
EheDBsY/f6NqCTThZfC9vy0zckj3P+6LEW6QzWktFVWbwYrcEXzIqtA8MOsMrpH/
PUrAjwP7FKBVXvkzeegVHPESz2AuK22ayFlcG8hzmrI4QyMQefrGgP5VQiLIlZS+
XZyiQFEN7AUDTxtJACmetoE8Ns62Vir+7oPIP6IqefU63CqlXpyHvYd9UlZGQZRy
QHqcPLyOP5G5Kb+nnr/SlK7NwhbpqFBtxLLcwrre8ADmfVyycY5HFjWDAz3VieTR
puNyC5oQhMA5+Uf/B91QHt8iAAlRVp5pLZcNX+igp1EAVuzCyT3OHnYrMIbSO5w+
USBo5D3Fl3SPJO3q+oisZNBlkw0VEstODGR1CrOg++8RA8GHoKI7eEMgZX/eZHY4
/pHlhH+aRZpRP7rgspOIzeL9eR8lDjaCIZnho4jJhM5GDGkzC+3JzPeZUWidu9VL
IG1cPslmAuikfokmo2kq7XDKq0Km3FjPtOc/cllS10s6c2oYPZM=
=egV+
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1590-1] openjdk-7 security update
Next by Date: [SECURITY] [DLA 1592-1] otrs2 security update
Previous by thread: [SECURITY] [DLA 1590-1] openjdk-7 security update
Next by thread: [SECURITY] [DLA 1592-1] otrs2 security update
Index(es):
- Date
- Thread