[pkg-php-pear] Bug#849365: libphp-phpmailer: CVE-2016-10033

Salvatore Bonaccorso carnil at debian.org
Mon Dec 26 09:54:47 UTC 2016


Source: libphp-phpmailer
Version: 5.2.9+dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for libphp-phpmailer.

CVE-2016-10033[0]:
remote code execution

Details though at the point of writing this bugreport are not yet
available. It is fixed in the new upstream version 5.2.18.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10033
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



More information about the pkg-php-pear mailing list