Your message dated Mon, 14 Dec 2015 22:49:52 +0000
with message-id <[email protected]>
and subject line Bug#807265: fixed in libphp-phpmailer 5.1-1.1
has caused the Debian Bug report #807265,
regarding libphp-phpmailer: CVE-2015-8476: Message Injection Vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
807265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libphp-phpmailer
Version: 5.2.9+dfsg-2
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for libphp-phpmailer.

CVE-2015-8476[0]:
PHPMailer Message Injection Vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8476
[1] https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0

Please adjust the affected versions in the BTS as needed, in
particular wheezy version not checked.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 5.1-1.1
We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated libphp-phpmailer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 10 Dec 2015 07:55:03 +0200
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source all
Version: 5.1-1.1
Distribution: oldstable-security
Urgency: high
Maintainer: Kevin Coyner <[email protected]>
Changed-By: Chris Lamb <[email protected]>
Description:
libphp-phpmailer - full featured email transfer class for PHP
Closes: 807265
Changes:
libphp-phpmailer (5.1-1.1) oldstable-security; urgency=high
.
* CVE-2015-8476: Reject line breaks in to, from, and HELO calls to avoid
command injection. (Closes: #807265)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
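
The changelog entry for 5.1-1.1 above describes the fix as rejecting line breaks in to, from, and HELO values. The following is an added example of that kind of check, not PHPMailer's code and not the Debian patch; the function names `assertSingleLine` and `buildEnvelope` are hypothetical and the host names and addresses are constructed sample values.

```php
<?php
// Added illustration; function names are hypothetical, not PHPMailer's API.

/**
 * Return $value unchanged if it fits on a single SMTP command line;
 * throw if it contains CR or LF, which would terminate the command early
 * and let the remainder be read by the server as a separate command.
 */
function assertSingleLine(string $value, string $field): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException("Line break in $field rejected");
    }
    return $value;
}

/**
 * Build the EHLO, MAIL FROM and RCPT TO lines for one envelope.
 * Every value is validated before any line is returned, so a bad
 * recipient cannot leave a half-sent transaction on the wire.
 */
function buildEnvelope(string $helo, string $from, array $recipients): array
{
    $lines = ['EHLO ' . assertSingleLine($helo, 'HELO')];
    $lines[] = 'MAIL FROM:<' . assertSingleLine($from, 'from') . '>';
    foreach ($recipients as $to) {
        $lines[] = 'RCPT TO:<' . assertSingleLine($to, 'to') . '>';
    }
    return $lines;
}

// Constructed sample inputs: one clean envelope, one with an embedded CRLF.
$cases = [
    'clean'    => ['mail.example.org', 'app@example.org', ['user@example.net']],
    'injected' => ['mail.example.org', 'app@example.org', ["user@example.net\r\nNOOP"]],
];

foreach ($cases as $name => [$helo, $from, $rcpts]) {
    try {
        $lines = buildEnvelope($helo, $from, $rcpts);
        echo "$name: " . count($lines) . " command lines\n";
        foreach ($lines as $line) {
            echo "  C: $line\n";
        }
    } catch (InvalidArgumentException $e) {
        echo "$name: " . $e->getMessage() . "\n";
    }
}
```

The check rejects the value outright rather than stripping the line break, so a malformed address surfaces as an error to the caller instead of being silently rewritten.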