Your message dated Sun, 13 Dec 2015 23:17:09 +0000
with message-id <[email protected]>
and subject line Bug#807265: fixed in libphp-phpmailer 5.2.9+dfsg-2+deb8u1
has caused the Debian Bug report #807265,
regarding libphp-phpmailer: CVE-2015-8476: Message Injection Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
807265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libphp-phpmailer
Version: 5.2.9+dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for libphp-phpmailer.
CVE-2015-8476[0]:
PHPMailer Message Injection Vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8476
[1]
https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0
Please adjust the affected versions in the BTS as needed, in
particular wheezy version not checked.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 5.2.9+dfsg-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated libphp-phpmailer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 07 Dec 2015 09:32:13 -0400
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source all
Version: 5.2.9+dfsg-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: David Prévot <[email protected]>
Description:
libphp-phpmailer - full featured email transfer class for PHP
Closes: 807265
Changes:
libphp-phpmailer (5.2.9+dfsg-2+deb8u1) jessie-security; urgency=high
.
* gbp.conf: Track the jessie branch
* Backport fix from 5.2.14:
PHPMailer Message Injection Vulnerability [CVE-2015-8476] (Closes: #807265)
Checksums-Sha1:
86d92e7b64e9070d9d2b78aa66f6a851241f5978 1766
libphp-phpmailer_5.2.9+dfsg-2+deb8u1.dsc
3570dabee592d1525136e0959700c85d790d3280 151878
libphp-phpmailer_5.2.9+dfsg.orig.tar.gz
ac47356fc4b460af5831319ed834257de8ea959a 5476
libphp-phpmailer_5.2.9+dfsg-2+deb8u1.debian.tar.xz
cd7192d05ad0a5c424b29ad8b0e11ed49d5bce69 129950
libphp-phpmailer_5.2.9+dfsg-2+deb8u1_all.deb
Checksums-Sha256:
d03e3b77873a376f3538e226b288b6d2c3f2cce3f4302f21de4cedc3d03a0b45 1766
libphp-phpmailer_5.2.9+dfsg-2+deb8u1.dsc
c1aa13b418eede3e0dab351fb6d8a9a877a536379f11e142ecd50764405260e9 151878
libphp-phpmailer_5.2.9+dfsg.orig.tar.gz
5cdc24c50884c5b6e00e4837d287cbb88842879f28a8750147264d27d6519e7f 5476
libphp-phpmailer_5.2.9+dfsg-2+deb8u1.debian.tar.xz
d1a4f902495806d643d34375a8d3431f637b3a16f501ecdedbd69d83118754c5 129950
libphp-phpmailer_5.2.9+dfsg-2+deb8u1_all.deb
Files:
e3f389086f59363dffb529aa6c76bc53 1766 php optional
libphp-phpmailer_5.2.9+dfsg-2+deb8u1.dsc
ac2201e869561115b347ed0b2140650b 151878 php optional
libphp-phpmailer_5.2.9+dfsg.orig.tar.gz
0b2addbb8cc2204db882a3bd2d66a2fb 5476 php optional
libphp-phpmailer_5.2.9+dfsg-2+deb8u1.debian.tar.xz
467c904e2c799885ca98c7c43a91f20f 129950 php optional
libphp-phpmailer_5.2.9+dfsg-2+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJWaLkHAAoJEAWMHPlE9r08ascH/2PPvPnxyqk8Z6kZWOYnKlDg
rnoRK6EOOH9Kf2yUG1DEiVefXP5zR1PqgWd+GpgXf2j2ZJS2dnCYN7Db58PZbzHD
Hou7KL9WqfWPeRI9pies3mJdL3XCzd0gLWVF6zx7x7kok3/EWdBcuceGo+v4YY/V
jHJWBK6T78sJhLYsErQj+O7iP3S+qP1GGA5oTFNQ7pQlUAOMfOg0Q3+1l2oohq1L
3lvbEeEIvHSsWgvOIP02KLmTF/sdqg9QguVdDs8uLFnQRyWTzF68VRddE+iO2Ei2
/TDWOFCOzxTWgrLGZJgEr01DfnZk1BFodwnIXfBw1WX7R0fwvB0w6C2z+a2xsOw=
=fRUK
-----END PGP SIGNATURE-----
--- End Message ---
