|
|
Subscribe / Log in / New account

Debian alert DLA-2244-1 (libphp-phpmailer)



From:
              "Chris Lamb" <lamby@debian.org> 


To:
              debian-lts-announce@lists.debian.org 


Subject:
              [SECURITY] [DLA 2244-1] libphp-phpmailer security update 


Date:
              Thu, 11 Jun 2020 15:27:34 +0100


Message-ID:
              <69c86cc3-9bcd-4db5-b9ec-432edfdfa3b3@sloti26t01>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libphp-phpmailer
Version        : 5.2.9+dfsg-2+deb8u6
CVE ID         : CVE-2020-13625

It was discovered that there was an escaping issue in
libphp-phpmailer, an email generation utility class for the PHP
programming language.

The `Content-Type` and `Content-Disposition` headers could have
permitted file attachments that bypassed attachment filters which
match on filename extensions. For more information, please see the
following URL:

  https://github.com/PHPMailer/PHPMailer/security/advisorie...

For Debian 8 "Jessie", this issue has been fixed in libphp-phpmailer version
5.2.9+dfsg-2+deb8u6.

We recommend that you upgrade your libphp-phpmailer packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- --
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl7iPloACgkQHpU+J9Qx
HlgGIRAAsMP74ljuteUlwnzOhu/RjKMVjC3nfTMEUAr0nnBYw4BQxTurAOSDV0We
P3K8bJPlbPGWyK+K2mjjCG60D4Tg5yJx7VBS9uRbKPK8PPisenmE9+z1GIf+IFT/
hhP2osqSI97Q0ckl7FxZIrIA1KymKu0DFQkt9zF5ztaM/0gtbxLs9dZoOds0dzYg
SQQzS9GSySV/iY4TZvJpHi40f0SwN6rgEd8tBRKMx0tW57qrFAD4/sXTIETmxs4t
cgn0A9WNWQcxjCbixeyeX4Wq7p9b+sbAKTgwV9rc/E18TaI4Y1eUwQE/8srHg8Oi
NSND81yH/UPSStEZQn9INFcxRDK3k64S5QtFyRmjlVQzzaZIqtu5VvbUP+cmi3gP
FHqDAV9Bjpo+Xqz2FWrYcAyGv9iC3kBW3TtMceuvSQHTF9pF4KlMAjyu42Krw4EY
0MAY9CMO0AxiBToeEY+fZIk3GQoE6cRbZbQAUcYga5OfPV0YRUvvUz8g5gsXHZlI
mgTbNhgoI0RI42fsBFduOzdrbELL0FR1Tc5qbDi889E9AbcBCaWgsiZlrXvEr8xt
Je/vlKvmg25hY71BbqGb3oa6uYlEYkaby5eJ8rxdc5qJq3qrkWgxriwypzXm/kmh
VGQXOQfDEYd0crU/QwtKfqcWBYW2q/mZqRSaxYZkF7S7uJ7KZnk=
=JNcj
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds