[pkg-php-pear] Bug#962827: libphp-phpmailer: CVE-2020-13625
carnil at debian.org
Sun Jun 14 20:23:30 BST 2020
Tags: security upstream
Control: found -1 6.0.6-0.1
Control: found -1 5.2.14+dfsg-2.3+deb9u1
Control: found -1 5.2.14+dfsg-2.3
The following vulnerability was published for libphp-phpmailer.
Filling as RC severity as currently as libphp-phpmailer seems
currently without maintainer. Bullseye should ideally be released with
an active maintainer for libphp-phpmailer.
| PHPMailer before 6.1.6 contains an output escaping bug when the name
| of a file attachment contains a double quote character. This can
| result in the file type being misinterpreted by the receiver or any
| mail relay processing the message.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
More information about the pkg-php-pear