[SECURITY] [DLA 2244-1] libphp-phpmailer security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2244-1] libphp-phpmailer security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 11 Jun 2020 15:27:34 +0100
Message-id: <[🔎] 69c86cc3-9bcd-4db5-b9ec-432edfdfa3b3@sloti26t01>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libphp-phpmailer
Version        : 5.2.9+dfsg-2+deb8u6
CVE ID         : CVE-2020-13625

It was discovered that there was an escaping issue in
libphp-phpmailer, an email generation utility class for the PHP
programming language.

The `Content-Type` and `Content-Disposition` headers could have
permitted file attachments that bypassed attachment filters which
match on filename extensions. For more information, please see the
following URL:

  https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj

For Debian 8 "Jessie", this issue has been fixed in libphp-phpmailer version
5.2.9+dfsg-2+deb8u6.

We recommend that you upgrade your libphp-phpmailer packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- --
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl7iPloACgkQHpU+J9Qx
HlgGIRAAsMP74ljuteUlwnzOhu/RjKMVjC3nfTMEUAr0nnBYw4BQxTurAOSDV0We
P3K8bJPlbPGWyK+K2mjjCG60D4Tg5yJx7VBS9uRbKPK8PPisenmE9+z1GIf+IFT/
hhP2osqSI97Q0ckl7FxZIrIA1KymKu0DFQkt9zF5ztaM/0gtbxLs9dZoOds0dzYg
SQQzS9GSySV/iY4TZvJpHi40f0SwN6rgEd8tBRKMx0tW57qrFAD4/sXTIETmxs4t
cgn0A9WNWQcxjCbixeyeX4Wq7p9b+sbAKTgwV9rc/E18TaI4Y1eUwQE/8srHg8Oi
NSND81yH/UPSStEZQn9INFcxRDK3k64S5QtFyRmjlVQzzaZIqtu5VvbUP+cmi3gP
FHqDAV9Bjpo+Xqz2FWrYcAyGv9iC3kBW3TtMceuvSQHTF9pF4KlMAjyu42Krw4EY
0MAY9CMO0AxiBToeEY+fZIk3GQoE6cRbZbQAUcYga5OfPV0YRUvvUz8g5gsXHZlI
mgTbNhgoI0RI42fsBFduOzdrbELL0FR1Tc5qbDi889E9AbcBCaWgsiZlrXvEr8xt
Je/vlKvmg25hY71BbqGb3oa6uYlEYkaby5eJ8rxdc5qJq3qrkWgxriwypzXm/kmh
VGQXOQfDEYd0crU/QwtKfqcWBYW2q/mZqRSaxYZkF7S7uJ7KZnk=
=JNcj
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2241-2] linux security update
Next by Date: [SECURITY] [DLA 2245-1] mysql-connector-java security update
Previous by thread: [SECURITY] [DLA 2241-2] linux security update
Next by thread: [SECURITY] [DLA 2245-1] mysql-connector-java security update
Index(es):
- Date
- Thread