Univention Bugzilla – Bug 48306
libphp-phpmailer: Multiple issues (4.3)
Last modified: 2018-12-12 13:45:42 CET
New Debian libphp-phpmailer 5.2.14+dfsg-2.3+deb9u1 fixes: This update addresses the following issue: * PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. (CVE-2018-19296)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libphp-phpmailer_5.2.14+dfsg-2.3.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1.dsc @@ -1,3 +1,8 @@ +5.2.14+dfsg-2.3+deb9u1 [Sat, 01 Dec 2018 15:09:47 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * object injection vulnerability (CVE-2018-19296) (Closes: #913912) + 5.2.14+dfsg-2.3 [Sat, 25 Feb 2017 19:15:08 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.3-3/#4819250554348217245>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 21a437177b Bug #48306: libphp-phpmailer 5.2.14+dfsg-2.3+deb9u1 doc/errata/staging/libphp-phpmailer.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) [4.3-3] 3edc0c5c5e Bug #48306: libphp-phpmailer 5.2.14+dfsg-2.3+deb9u1 doc/errata/staging/libphp-phpmailer.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/379.html>