Debian alert DSA-4351-1 (libphp-phpmailer)

From: Salvatore Bonaccorso <carnil@debian.org> To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 4351-1] libphp-phpmailer security update Date: Fri, 07 Dec 2018 14:51:30 +0000 Message-ID: <E1gVHTW-0008Nw-6q@seger.debian.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4351-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 07, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libphp-phpmailer CVE ID : CVE-2018-19296 Debian Bug : 913912 It was discovered that PHPMailer, a library to send email from PHP applications, is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. For the stable distribution (stretch), this problem has been fixed in version 5.2.14+dfsg-2.3+deb9u1. We recommend that you upgrade your libphp-phpmailer packages. For the detailed security status of libphp-phpmailer please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libphp-phpmailer Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwKh31fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0ThNg/+Id/B70l8gr5iLIvwYtVBiqRAD+ZZcjKGwqJxXkxjK3RU9za5BU4qRwMO usInjwMDiry+MpLvXAyMnH4WQFBY8EcziNiNMVhRiNhXwxHiwGJkxL2cizyqsZ8o U90RDQdspt351IUDN2pMa2FNirMPPoaCQ1Ix0Wmaesyep7zU/sQT+udtE97d7uUV Hjpx5JE2v5CygOavqUeK9RS1nxJ1qsRsv1E1okoKoTuYQWglgDWyWHOpDDgM6vBL Zlsm4S/SEEoU2iwY4JvJZVnUHNSmSjFtMj2V/z2S5pffyApwwz7L2N/L6ZkgI+9X qjJvNe285WF/zu4aKqsFUsdmF8QUIK+AHyuZawT0zxfHJbduGCQgL8jzCUBe9i7C 7RGQAfTVKou7uscOAPrWnPpsqFM6CGVZo0x11vAThHoamAZ6DbqzyjmaslpR7+xn /Sc1qveBLFo9vZ4nrZyguYm7bSjl5xLx4dHexYgIf6jwzc2WpAX1WthhF32hBu2k kWKqaFPd8dX4IpVGtaQzN4D34sMmcRGC7PEYRUhvO8rOmPxUIPsPc5OgWA7nhETR 5rGCGj6wFmltIbJSmaPew1SV/NsIm6gWrXUyl02sE6KXO2W9bNkeAocsQE93pwAP TLByPiua2O5TAFjPzu/QJeMkw23PseJOT1cgEArJdWH1mMxYSsg= =BKSR -----END PGP SIGNATURE-----