[pkg-php-pear] Bug#849365: libphp-phpmailer: CVE-2016-10033

Salvatore Bonaccorso carnil at debian.org
Wed Dec 28 04:38:04 UTC 2016


On Mon, Dec 26, 2016 at 10:54:47AM +0100, Salvatore Bonaccorso wrote:
> Source: libphp-phpmailer
> Version: 5.2.9+dfsg-2
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerability was published for libphp-phpmailer.
> 
> CVE-2016-10033[0]:
> remote code execution

Further analysis of the fix via
https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc
has shown that this fix might be incomplete. See

http://www.openwall.com/lists/oss-security/2016/12/28/1

for further details.

Regards,
Salvatore


