Your message dated Mon, 07 Dec 2015 13:34:17 +0000
with message-id <[email protected]>
and subject line Bug#807265: fixed in libphp-phpmailer 5.2.14+dfsg-1
has caused the Debian Bug report #807265,
regarding libphp-phpmailer: CVE-2015-8476: Message Injection Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
807265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libphp-phpmailer
Version: 5.2.9+dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libphp-phpmailer.
CVE-2015-8476[0]:
PHPMailer Message Injection Vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8476
[1]
https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0
Please adjust the affected versions in the BTS as needed, in
particular wheezy version not checked.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 5.2.14+dfsg-1
We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated libphp-phpmailer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 06 Dec 2015 19:03:36 -0400
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source
Version: 5.2.14+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: David Prévot <[email protected]>
Description:
libphp-phpmailer - full featured email transfer class for PHP
Closes: 807265
Changes:
libphp-phpmailer (5.2.14+dfsg-1) unstable; urgency=medium
.
* Team upload
.
[ Synchro ]
* Don't allow line breaks in addresses [CVE-2015-8476] (Closes: #807265)
* Don't allow line breaks in SMTP commands
* Bump version to 5.2.14
.
[ David Prévot ]
* Remove self from Uploaders
* Fix actual autoloader path
Checksums-Sha1:
4f3794e03c0dc8fcb062dfef33287987a4735609 1717
libphp-phpmailer_5.2.14+dfsg-1.dsc
e50440d06aa1f4313f6fa389610a209f04e6e65b 181823
libphp-phpmailer_5.2.14+dfsg.orig.tar.gz
5e668640bc220f2b7f99c2b557cc39e8aba63229 6760
libphp-phpmailer_5.2.14+dfsg-1.debian.tar.xz
Checksums-Sha256:
c399c8683f5edffc33bdd860ac4c04d86246262c86378aca21f7667a00ed970d 1717
libphp-phpmailer_5.2.14+dfsg-1.dsc
781867a508160136ab5b8792c893e40775c583708ff2b90904f57fb6b0bd6370 181823
libphp-phpmailer_5.2.14+dfsg.orig.tar.gz
d59bfebc36e0ed34b7243e3c31ef561569dd351a5950bb9d2563dee41b572887 6760
libphp-phpmailer_5.2.14+dfsg-1.debian.tar.xz
Files:
1174a4d808097d88d3d1d6603809ca67 1717 php optional
libphp-phpmailer_5.2.14+dfsg-1.dsc
f80d964ba6574a8aeca45e078aec0f39 181823 php optional
libphp-phpmailer_5.2.14+dfsg.orig.tar.gz
62406a535e24012ed5b0f1ebca223123 6760 php optional
libphp-phpmailer_5.2.14+dfsg-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJWZPHJAAoJEAWMHPlE9r08vSsH/1j9/0IobshV/wwT71pJqidg
ceBcq6/6kPaDOpmlaUjW+8PlvsKNwbej8RwtPmCgtgUO3QjdV9nU4SbodtH8UMyS
OK1juAJ5B/TKnRb5N5hw2eXLuzWpO0qxpZRfytPQcenBgXVqZu9SuIrCHmoUI2wF
PjTUad6PTL/KLi4KeawJ4dh1A0lFZ3FlXTqzNJa8Ss68vqaJceMX6++k8ZGsq97O
WqbPdSoDTKcf1wqyfDSVn1qr0pqgcGrRl3uwHbFUyIMHQHxzXeTopO9qz2IoCMpC
XzTdDw1sfU1q6EoCb5SxQvl5MNKD5I35/g1L7vwTZS7Qkh0g+SQYU+e0Kl6LT4Y=
=Jq9J
-----END PGP SIGNATURE-----
--- End Message ---
