[jira] [Commented] (AIRAVATA-2297) Upgrade PHPMailer to >= 5.2.20 to address CVE-2016-10045

Marcus Christie (JIRA) Thu, 05 Jan 2017 05:47:11 -0800

    [ 
https://issues.apache.org/jira/browse/AIRAVATA-2297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15801384#comment-15801384
 ]


Marcus Christie commented on AIRAVATA-2297:
-------------------------------------------

Looks like PGA also indirectly pulls in swiftmailer because Laravel depends on 
it.

https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html

> Upgrade PHPMailer to >= 5.2.20 to address CVE-2016-10045
> --------------------------------------------------------
>
>                 Key: AIRAVATA-2297
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2297
>             Project: Airavata
>          Issue Type: Bug
>          Components: PGA PHP Web Gateway
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Critical
>             Fix For: 0.17
>
>
> PGA uses [PHPMailer version 
> 5.2.13|https://github.com/apache/airavata-php-gateway/blob/8a7330c205d9e37bf8fbf9a062bdcf24d44d95c1/composer.json#L9].
>  Looks like a new release, [5.2.20| 
> https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.20], fixes the 
> security exploit mentioned in [this security 
> bulletin|https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html].



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (AIRAVATA-2297) Upgrade PHPMailer to >= 5.2.20 to address CVE-2016-10045

Reply via email to