[Git][security-tracker-team/security-tracker][master] CVE-2020-36326: add fixing commit

Emilio Pozuelo Monfort Tue, 04 May 2021 00:44:45 -0700


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9d6987ab by Emilio Pozuelo Monfort at 2021-05-04T09:43:43+02:00
CVE-2020-36326: add fixing commit

And mark as n/a on buster &amp; stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -428,8 +428,11 @@ CVE-2021-31830
        RESERVED
 CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through 
Phar Des ...)
        - libphp-phpmailer <unfixed>
+       [buster] - libphp-phpmailer <not-affected> (Regression introduced in 
6.1.8)
+       [stretch] - libphp-phpmailer <not-affected> (Regression introduced in 
6.1.8)
        NOTE: Introduced by: 
https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9
 (6.1.8)
-       TODO: check if the code change eliminated the code that blocked 
addAttachment independent on Windows plattform/UNC paths
+       NOTE: Fixed by: 
https://github.com/PHPMailer/PHPMailer/commit/26f2848d3bbb57add5f34a467a1e3b2f9ce5cd2a
+       NOTE: Also backport: 
https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a
 CVE-2021-3518 [use-after-free in xmlXIncludeDoProcess() in xinclude.c]
        RESERVED
        [experimental] - libxml2 2.9.10+dfsg-6.4



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d6987ab162f6d797550a061935db3d830bb1047

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d6987ab162f6d797550a061935db3d830bb1047
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] CVE-2020-36326: add fixing commit

Reply via email to