MGASA-2017-0022
- Source
- https://advisories.mageia.org/MGASA-2017-0022.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0022.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2017-0022
- Related
- Published
- 2017-01-27T09:19:09Z
- Modified
- 2017-01-27T08:46:55Z
- Summary
- Updated php-phpmailer packages fix security vulnerabilities
- Details
-
It was discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address (CVE-2016-10033).
It was discovered that PHPMailer prior to 5.2.22 contained a local file disclosure vulnerability if content passed to
msgHTML()was sourced from unfiltered user input (CVE-2017-5223). - References
-
- https://advisories.mageia.org/MGASA-2017-0022.html
- https://bugs.mageia.org/show_bug.cgi?id=20069
- http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
- https://www.debian.org/security/2016/dsa-3750
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JTXZSKTKOWTVEXDS76R6GJGI3MLA2LL5/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / php-phpmailer
Package
- Name
- php-phpmailer
- Purl
- pkg:rpm/mageia/php-phpmailer?distro=mageia-5