[pkg-php-pear] Bug#849365: libphp-phpmailer: CVE-2016-10033 (wordpress not vulnerable)

Craig Small csmall at debian.org
Thu Dec 29 00:45:20 UTC 2016


On Wed, 28 Dec 2016 11:31:11 +0100 Salvatore Bonaccorso <carnil at debian.org>
wrote:
> > > the following vulnerability was published for libphp-phpmailer.
> > >
> > > CVE-2016-10033[0]:
> > > remote code execution

I would like to point out that wordpress has an embedded/modified version
of PHPmailer in it at wp-includes/class-phpmailer.php.
However, the wordpress developers have stated that if it is used correctly
it is not vulnerable to it. It means that the core system and
correctly written plugins have no impact[1].

Sorry to hijack the libphp-phpmailer bug, but I thought it should be noted
somewhere that wordpress, for once, isn't vulnerable.

 - Craig

1: https://core.trac.wordpress.org/ticket/37210

-- 
Craig Small (@smallsees)   http://dropbear.xyz/     csmall at : enc.com.au
Debian GNU/Linux           http://www.debian.org/   csmall at : debian.org
GPG fingerprint:        5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5