Your message dated Fri, 07 Dec 2018 20:45:16 +0000
with message-id <[email protected]>
and subject line Bug#913912: fixed in libphp-phpmailer 5.2.14+dfsg-2.3+deb9u1
has caused the Debian Bug report #913912,
regarding libphp-phpmailer: CVE-2018-19296
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
913912: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913912
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libphp-phpmailer
Version: 5.2.14+dfsg-2.3
Severity: grave
Tags: patch security upstream
Hi,
The following vulnerability was published for libphp-phpmailer.
CVE-2018-19296[0]:
| PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object
| injection attack.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-19296
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
[1]
https://github.com/PHPMailer/PHPMailer/commit/f1231a9771505f4f34da060390d82eadb8448271
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 5.2.14+dfsg-2.3+deb9u1
We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libphp-phpmailer
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 01 Dec 2018 15:09:47 +0100
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source
Version: 5.2.14+dfsg-2.3+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
libphp-phpmailer - full featured email transfer class for PHP
Closes: 913912
Changes:
libphp-phpmailer (5.2.14+dfsg-2.3+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* object injection vulnerability (CVE-2018-19296) (Closes: #913912)
Checksums-Sha1:
47838164fd361427768d694f19402a3f7cc4310b 2271
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1.dsc
e50440d06aa1f4313f6fa389610a209f04e6e65b 181823
libphp-phpmailer_5.2.14+dfsg.orig.tar.gz
a85390fe0362b603c98f90bdc9468e50f3acecf2 10984
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1.debian.tar.xz
9e8b446277df6835d7b91ee693b9bdd7773f0088 6185
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1_source.buildinfo
Checksums-Sha256:
b79e23f2f8a9593740752050dea5e3528009a26c6de8c4d811b964bddb3daee6 2271
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1.dsc
781867a508160136ab5b8792c893e40775c583708ff2b90904f57fb6b0bd6370 181823
libphp-phpmailer_5.2.14+dfsg.orig.tar.gz
fb865b24e5c4d4f78c51a7c30257fede66d7fbc558646f9b3085256a13ea806b 10984
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1.debian.tar.xz
a8804929f2457a3ecfbafccc74626a49b2e2e3665b55bd12edcf09eeb563f049 6185
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1_source.buildinfo
Files:
c99a5cdca84e063b3525ab62808b6bf8 2271 php optional
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1.dsc
f80d964ba6574a8aeca45e078aec0f39 181823 php optional
libphp-phpmailer_5.2.14+dfsg.orig.tar.gz
2c393188020f4a549432988f08cf9798 10984 php optional
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1.debian.tar.xz
a37570f8274cf6233ed8b46fa73803c0 6185 php optional
libphp-phpmailer_5.2.14+dfsg-2.3+deb9u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwJhhtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EczcQAJUfIhfaAnO4KNAd2WF42hQOSPXqKePd
7vpG2MFtCXGcY3Whfcd0hAcF4rqmqYkjEQwd0y4aN3UcT9VsS0FYE0gZlbdv80q9
R7ZxWp6/Y7Y2ISepPqkun3fVi9HkfvqypnQnz1J/v2DeAQw2n2DeMfJQogG61Qaj
TMlItK04Kq0VZC9Ex7b22emS5dq60F1zycET7f/UsrDCz4NPPXEyTV3GtrO3Hggh
QtnoYQOiinufcnOjv0GHs4QN285IbVxOWuGFr51GG2b82fY9Erb8W1ojH/0a5g+z
fbErEC7JorKlsutD4Tw/co3yOzSXD8XgwQC7+sR/9gLAT907W/WYLqbD4+qxt9iy
TydMoJU3heOiKKAw43M2CexE3JlDTE7OD06cudkPwjaMsGx7bcmpWkR3UHjJ8Orn
rnwjNLsZDdEeBti4TDAmmEuePLzY090JXxaYDOXr0uExuaNE/grVCB8bIWS+nZFx
Q8yfduY/LV9dwVvjnviA6EoZ0YoqBliAplsGu/QjDI4CHJL7Cr+IQzGPDEGmXS/d
LoNNUmcoSCjui4vnQVpvqMftbPwgy10XE9Ro8mJrc8P/gy7/vSBJS6UkTqBjiOE0
kFuRdBqVH1xVGJCtNPCxGQKctP+fR14GDnjos2Es3ihk54tE0s05r42i3gGO6T7T
Wlw1AkvGTrEY
=8Upl
-----END PGP SIGNATURE-----
--- End Message ---
