news 28 Posted January 3, 2017 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : libphp-phpmailer Version : 5.1-1.2 CVE ID : CVE-2016-10033 Debian Bug : 849365 Dawid Golunski discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address. Note that for this issue also CVE-2016-10045 was assigned, which is a regression in the original patch proposed for CVE-2016-10033. Because the origial patch was not applied in Debian, Debian was not vulnerable to CVE-2016-10045. For Debian 7 "Wheezy", these problems have been fixed in version 5.1-1.2. We recommend that you upgrade your libphp-phpmailer packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJYa8pJAAoJEFb2GnlAHawEYmkH/15S5c6QZAAkEySy1dBTVfd6 ar/zjqWI+4FDNBxixtVFI8uhv+47Q0Ri7TIekDjbHWU+Y/G/F9fUQYXGhSA+n9Rc xcNr3V1B/0QavOFCG674a36vWDAEyl2Qtq5AD8Znz4vJ7otSG9iv3JNJg6ojgkIA +UAgGQLzrMisggD84K1xkgdV/rPuAl2AxjUksryaO4+s1FQJXZ+nE7D+VFrItFUD nG5rKzOr+++DrAeVEJwN/TawUx3GadaDzMxQoRSWafmyczJIft/cbUnniEAJ5l8q zcmJOgkgruHGzdaIa4panyaRKPzf9MRtD1glIMnaZAtfQV+YPotREIn7+dhkRHo= =XFB1 -----END PGP SIGNATURE----- Share this post Link to post
