[pkg-php-pear] Bug#849365: libphp-phpmailer: CVE-2016-10033
Salvatore Bonaccorso
carnil at debian.org
Wed Dec 28 04:38:04 UTC 2016
On Mon, Dec 26, 2016 at 10:54:47AM +0100, Salvatore Bonaccorso wrote:
> Source: libphp-phpmailer
> Version: 5.2.9+dfsg-2
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> Hi,
>
> the following vulnerability was published for libphp-phpmailer.
>
> CVE-2016-10033[0]:
> remote code execution
Further analysis of the fix via
https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc
has shown that this fix might be incomplete. See
http://www.openwall.com/lists/oss-security/2016/12/28/1
for further details.
Regards,
Salvatore
More information about the pkg-php-pear
mailing list