[pkg-php-pear] Bug#962827: Fix uploaded to DELAYED/5: libphp-phpmailer: CVE-2020-13625

Paul Gevers elbrus at debian.org
Mon Jun 22 20:02:10 BST 2020


Package: libphp-phpmailer
Version: 6.1.5-0.1
Tags: patch  pending

Dear maintainer,

As announced I've prepared an upload for libphp-phpmailer (versioned as
6.1.6-1) and uploaded it to DELAYED/5. If anybody objects against me
adding myself as uploader, please tell me and I'll cancel the upload.

By the way, if anybody has a copy of the old git archive (I couldn't
find it on alioth-archive.debian.org) I would like to get one too.

Regards.
Paul

diff -Nru libphp-phpmailer-6.1.5/debian/changelog
libphp-phpmailer-6.1.6/debian/changelog
--- libphp-phpmailer-6.1.5/debian/changelog	2020-04-22
22:11:37.000000000 +0200
+++ libphp-phpmailer-6.1.6/debian/changelog	2020-06-22
20:31:41.000000000 +0200
@@ -1,3 +1,16 @@
+libphp-phpmailer (6.1.6-1) unstable; urgency=medium
+
+  * New upstream version 6.1.6
+    - CVE-2020-13625 an output escaping bug when the name of a file
+      attachment contains a double quote character. This can result in
+      the file type being misinterpreted by the receiver or any mail
+      relay processing the message (Closes: #962827)
+  * Add myself as uploader
+  * Drop Kevin Coyner <kcoyner at debian.org> as uploader (Closes: #929548)
+  * Point Vcs-* fields to the dgit server for now as Alioth is gone
+
+ -- Paul Gevers <elbrus at debian.org>  Mon, 22 Jun 2020 20:31:41 +0200
+
 libphp-phpmailer (6.1.5-0.1) unstable; urgency=medium

   * Non-maintainer upload
diff -Nru libphp-phpmailer-6.1.5/debian/control
libphp-phpmailer-6.1.6/debian/control
--- libphp-phpmailer-6.1.5/debian/control	2020-04-22 22:11:37.000000000
+0200
+++ libphp-phpmailer-6.1.6/debian/control	2020-06-22 20:31:41.000000000
+0200
@@ -2,12 +2,12 @@
 Section: php
 Priority: optional
 Maintainer: Debian PHP PEAR Maintainers
<pkg-php-pear at lists.alioth.debian.org>
-Uploaders: Kevin Coyner <kcoyner at debian.org>
+Uploaders: Paul Gevers <elbrus at debian.org>
 Build-Depends: debhelper (>= 7.4~), phpab, pkg-php-tools (>= 1.7~)
 Standards-Version: 3.9.7
 Homepage: https://github.com/PHPMailer/PHPMailer
-Vcs-Git: git://anonscm.debian.org/pkg-php/libphp-phpmailer.git
-Vcs-Browser:
http://anonscm.debian.org/gitweb/?p=pkg-php/libphp-phpmailer.git
+Vcs-Git: https://git.dgit.debian.org/libphp-phpmailer.git
+Vcs-Browser: https://browse.dgit.debian.org/libphp-phpmailer.git

 Package: libphp-phpmailer
 Architecture: all

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20200622/3216b155/attachment.sig>


More information about the pkg-php-pear mailing list