[pkg-php-pear] Bug#913912: libphp-phpmailer: CVE-2018-19296
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 16 20:26:49 GMT 2018
Source: libphp-phpmailer
Version: 5.2.14+dfsg-2.3
Severity: grave
Tags: patch security upstream
Hi,
The following vulnerability was published for libphp-phpmailer.
CVE-2018-19296[0]:
| PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object
| injection attack.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-19296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
[1] https://github.com/PHPMailer/PHPMailer/commit/f1231a9771505f4f34da060390d82eadb8448271
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-php-pear
mailing list