
[SECURITY] [DLA 2306-1] libphp-phpmailer security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-2306-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
August 01, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libphp-phpmailer
Version        : 5.2.14+dfsg-2.3+deb9u2
CVE ID         : CVE-2020-13625
Debian Bug     : 962827

It was discovered that there was an escaping issue in
libphp-phpmailer, an email generation utility class for the PHP
programming language.

The `Content-Type` and `Content-Disposition` headers could have
permitted file attachments that bypassed attachment filters which
match on filename extensions.

For Debian 9 stretch, this problem has been fixed in version
5.2.14+dfsg-2.3+deb9u2.

We recommend that you upgrade your libphp-phpmailer packages.

For the detailed security status of libphp-phpmailer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libphp-phpmailer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
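The escaping issue in the `Content-Type` and `Content-Disposition` headers described in the advisory, shown as an added example. It is not part of the advisory and is not PHPMailer's code; it is written in Python rather than PHP. It assumes the filename is carried as a MIME quoted-string parameter (RFC 2045), where a double quote or backslash must be backslash-escaped; the function names and the sample filename are constructed for illustration.

```python
import os
import re

# One MIME parameter: ; name="quoted-string"  or  ; name=token
_PARAM = re.compile(r';\s*([\w*-]+)\s*=\s*(?:"((?:\\.|[^"\\])*)"|([^\s;"]*))')

# Constructed sample: a harmless filename that happens to contain quotes.
SAMPLE = 'quarterly "final".pdf'


def naive_param(name, value):
    """Wrap the value in quotes without escaping (assumed model of the unsafe pattern)."""
    return '{}="{}"'.format(name, value)


def escaped_param(name, value):
    """Emit a quoted-string: escape backslash and double quote, refuse CR/LF."""
    if "\r" in value or "\n" in value:
        raise ValueError("line breaks are not allowed in a header parameter")
    return '{}="{}"'.format(name, value.replace("\\", "\\\\").replace('"', '\\"'))


def received_filename(header_value):
    """Return the filename a receiving parser extracts, or None if absent."""
    for key, quoted, token in _PARAM.findall(header_value):
        if key.lower() in ("filename", "name"):
            return re.sub(r"\\(.)", r"\1", quoted) if quoted else token
    return None


def extension(filename):
    """Extension as an extension-based attachment filter would see it."""
    return os.path.splitext(filename)[1].lower()


def round_trips(build, filename):
    """True if the receiver recovers exactly the name the sender supplied."""
    header = "attachment; " + build("filename", filename)
    return received_filename(header) == filename


if __name__ == "__main__":
    for build in (naive_param, escaped_param):
        header = "attachment; " + build("filename", SAMPLE)
        seen = received_filename(header)
        print(build.__name__, repr(seen), repr(extension(seen)), round_trips(build, SAMPLE))
```

With the unescaped form the receiver recovers a different name, and therefore a different extension, from the one the sender supplied; a filter keyed on the extension then evaluates the wrong value.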

