Bug#807265: marked as done (libphp-phpmailer: CVE-2015-8476: Message Injection Vulnerability)

Tue, 08 Dec 2015 10:57:38 -0800 

Your message dated Tue, 08 Dec 2015 18:54:01 +0000
with message-id <[email protected]>
and subject line Bug#807265: fixed in libphp-phpmailer 5.1-1+deb6u11
has caused the Debian Bug report #807265,
regarding libphp-phpmailer: CVE-2015-8476: Message Injection Vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
807265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libphp-phpmailer
Version: 5.2.9+dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libphp-phpmailer.

CVE-2015-8476[0]:
PHPMailer Message Injection Vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8476
[1] 
https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0

Please adjust the affected versions in the BTS as needed, in
particular wheezy version not checked.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: libphp-phpmailer
Source-Version: 5.1-1+deb6u11

We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated libphp-phpmailer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 08 Dec 2015 20:11:13 +0200
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source all
Version: 5.1-1+deb6u11
Distribution: squeeze-lts
Urgency: high
Maintainer: Kevin Coyner <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Description: 
 libphp-phpmailer - full featured email transfer class for PHP
Closes: 807265
Changes: 
 libphp-phpmailer (5.1-1+deb6u11) squeeze-lts; urgency=high
 .
   * CVE-2015-8476: Reject line breaks in to, from, and HELO calls to avoid
     command injection. (Closes: #807265)
Checksums-Sha1: 
 ae99cbff831f747c193edcc24fac878ea221f46d 1699 
libphp-phpmailer_5.1-1+deb6u11.dsc
 d6de376dfac6251624c18f97609163e942dad393 84081 libphp-phpmailer_5.1.orig.tar.gz
 4a63a4cc8463e5e48867f4a475568f487e60ed84 3677 
libphp-phpmailer_5.1-1+deb6u11.diff.gz
 3c3ef34dfb5bf95f1bd2e8a3e8336cd90b1942e5 77058 
libphp-phpmailer_5.1-1+deb6u11_all.deb
Checksums-Sha256: 
 e205ce3793526d482c59786abecbc3a70f56f25bbd2395e9fc694bd7fc49560b 1699 
libphp-phpmailer_5.1-1+deb6u11.dsc
 f64b366c760d625133010ef94f30e71a4f5101ae980a733bdba2d67350f00a11 84081 
libphp-phpmailer_5.1.orig.tar.gz
 247ae83a819e518eeb1ca8346c2b63ff8968f25854f3efdce0586f482afcb795 3677 
libphp-phpmailer_5.1-1+deb6u11.diff.gz
 1cc1d7703d515a73fe165b12aac91d96f7e7f0073c941527aa7562b771d7824d 77058 
libphp-phpmailer_5.1-1+deb6u11_all.deb
Files: 
 264090a97b94dfabf45d11d010e8bbda 1699 php optional 
libphp-phpmailer_5.1-1+deb6u11.dsc
 6e81fc229f88f7d9dd7cf70d65296ef8 84081 php optional 
libphp-phpmailer_5.1.orig.tar.gz
 d9d61cbc761e37cb3615592b8b4f3407 3677 php optional 
libphp-phpmailer_5.1-1+deb6u11.diff.gz
 3af0e644702654332ec27837055ef889 77058 php optional 
libphp-phpmailer_5.1-1+deb6u11_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWZyCFAAoJEB6VPifUMR5YMnwQAI1eM1lnP5vBdPw98zqbw4aP
vn/HgPa3ONkPj9jelOOqjcVj0TW17UeVanf2R6IMLRvjzPiMRhstb7aKxDoVoW4L
V/HfM6+dYLeqxHBHG8Q8SzXT+MfYQZyQNYmmQisvboqIHSmiAqboAVlKSlKIzcr7
1gMj5jee0qf758/VipZTZaiG7CoRXZ19RNVDdzDoQ7y0lARMz/A8H+KOOe0HJ3+X
HeBqnTjyNl29VNpjmai5gMuMx+4XK39KMyEYSjOUE9fU4e858WGFeLBkqnHnU4UL
BCnK3uGIEOuFucQjVGlcYQQCP3ghGaG72J5/85qFKn2aH+PjTnLjA46Cw6FIcIDF
jB+XJibTNaX7bI/qcFfJ7D8gx5U6SPcNxrYlTPTR1/dzhdtyjGjBgC4WYywNn3ZO
Qh5nwRgJkkcbjkWlVz2zvKP2E/NGsqvA56UkGmskExQEHse4mmrLZ0Ayt9nQ8eux
8P1Bd3ZwRayH74crZcHYUi1ACa2hRfDUCphvwi6dQVi0lrN2FkibD/NhaaJZtZLo
wAFfAsKhCq7avzl+OrunTv+yj9lpWP2idT/Wijvt7v6Ny8BiIoVUNkUcOOvhTK0c
Lxha7UcxmS1Ec7O2v0mj8HseIqJDEmQTUh+kavIyy8kXSeWLusvixzQ/rOcVlx7/
EuqYOzCMz5IZuXhfpAsN
=wvDl
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to