Bug#849365: marked as done (libphp-phpmailer: CVE-2016-10033)

2016-12-31 Thread Debian Bug Tracking System 
Your message dated Sat, 31 Dec 2016 21:02:32 +
with message-id 
and subject line Bug#849365: fixed in libphp-phpmailer 5.2.9+dfsg-2+deb8u2
has caused the Debian Bug report #849365,
regarding libphp-phpmailer: CVE-2016-10033
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
849365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libphp-phpmailer
Version: 5.2.9+dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for libphp-phpmailer.

CVE-2016-10033[0]:
remote code execution

Details though at the point of writing this bugreport are not yet
available. It is fixed in the new upstream version 5.2.18.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 5.2.9+dfsg-2+deb8u2

We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 849...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst  (supplier of updated libphp-phpmailer 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Sat, 31 Dec 2016 10:44:49 +0100
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source all
Version: 5.2.9+dfsg-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers 
Changed-By: Thijs Kinkhorst 
Description:
 libphp-phpmailer - full featured email transfer class for PHP
Closes: 849365
Changes:
 libphp-phpmailer (5.2.9+dfsg-2+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2016-10033 (and CVE-2016-10045): apply commits
 4835657c 9743ff5c 833c35fe from upstream. Closes: #849365.
Checksums-Sha1:
 91a429e2dcb8a0209e3906f79ead7cb5f2d7e7ef 1766 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc
 4378845c3167b57a38dce2c16803f022ef4df350 6988 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz
 cacd20630232c80e6d5af55dd0f9dd9f8826388e 130966 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb
Checksums-Sha256:
 47494de87ec3b2459ad01592f07f37b85af87eea3a75d73ea39e9abbea17915f 1766 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc
 afa37d9654aa397fbf4fcede94675ed0742283dc7ef35166d00b3a074eb6e505 6988 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz
 59e1de75e1a4f5968fcac1bfbf48b3ad3f917f0f20e74dd78bff24bf877883b5 130966 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb
Files:
 bb11272cc2baf1b6e4d211d8d6f57b43 1766 php optional 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc
 425e2e355f46b7ce2bd7a5af6e16e540 6988 php optional 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz
 d4e5deb28ce38bf1a47093dab069eff2 130966 php optional 
libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBCAAGBQJYZ3/KAAoJEFb2GnlAHawExG0H/jqZbQi0FAPN8p9FmgYCIxjh
p2pZYcpjzt/306I/in5HtXcHeQkWEzhD6Opt9F6A9ow+YONu8YHeKU20Eb+Fv4k1
658KP9N01fgUCH7D3JL49205BybNUE4eBiDw53S8IZyvJNozbMmR8qBGpYxHYYbt
s8YEBAakoGSC4T/+IPa2z7qb6E+MBrBoJifVhhtCsJ2ro+yluTa3iRkX21Zhc41b
rB7Vi3whyHgNQ+4Bdj9UyljL0bZAV73XfgLN/dR4b6+ND7oembO5f7QQSbENJ03a
FVpwRFlKCnkeY4oNNdJPrBceZgOjSBPUfqcYYPDDyvqo8tqyO6Kj5o9isWuvehg=
=PzAi
-END PGP SIGNATURE End Message ---

Bug#849365: marked as done (libphp-phpmailer: CVE-2016-10033)

2016-12-30 Thread Debian Bug Tracking System 
Your message dated Fri, 30 Dec 2016 12:19:02 +
with message-id 
and subject line Bug#849365: fixed in libphp-phpmailer 5.2.14+dfsg-2.1
has caused the Debian Bug report #849365,
regarding libphp-phpmailer: CVE-2016-10033
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
849365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libphp-phpmailer
Version: 5.2.9+dfsg-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerability was published for libphp-phpmailer.

CVE-2016-10033[0]:
remote code execution

Details though at the point of writing this bugreport are not yet
available. It is fixed in the new upstream version 5.2.18.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 5.2.14+dfsg-2.1

We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 849...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst  (supplier of updated libphp-phpmailer 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Fri, 30 Dec 2016 11:22:28 +
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source all
Version: 5.2.14+dfsg-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian PHP PEAR Maintainers 
Changed-By: Thijs Kinkhorst 
Description:
 libphp-phpmailer - full featured email transfer class for PHP
Closes: 849365
Changes:
 libphp-phpmailer (5.2.14+dfsg-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix CVE-2016-10033 (and CVE-2016-10045): apply commits
 4835657c 9743ff5c 833c35fe from upstream. Closes: #849365.
Checksums-Sha1:
 df5692fde82a79d13099b6a98bed3b2c3c7df035 1725 
libphp-phpmailer_5.2.14+dfsg-2.1.dsc
 9377456502201ad9726ca3380085989b403d0a32 8376 
libphp-phpmailer_5.2.14+dfsg-2.1.debian.tar.xz
 21787b4f76e05cc9fcccb13c44fbcacd6f88c26e 146990 
libphp-phpmailer_5.2.14+dfsg-2.1_all.deb
 1fa767c9ca5d65243265c9e73f83fc8bdf4b5ed9 5448 
libphp-phpmailer_5.2.14+dfsg-2.1_amd64.buildinfo
Checksums-Sha256:
 41896a97b246e3802e3feb1794e6408985dbb93461b1a2210dde4c50c5b40887 1725 
libphp-phpmailer_5.2.14+dfsg-2.1.dsc
 2baeddfecc1d58c5fa145df86f3934a54f3b770b57f5322f225c211ddb21ac53 8376 
libphp-phpmailer_5.2.14+dfsg-2.1.debian.tar.xz
 ee7d6edceaab0e492c24e813e020bea57d70fc562df982686f3039f99fc97243 146990 
libphp-phpmailer_5.2.14+dfsg-2.1_all.deb
 91af522e6479ef466562777f1e3498f95e6b94d74259d0ab803b81a891a47a68 5448 
libphp-phpmailer_5.2.14+dfsg-2.1_amd64.buildinfo
Files:
 17c85cb076d7c537cc74832345bd59f8 1725 php optional 
libphp-phpmailer_5.2.14+dfsg-2.1.dsc
 1083c3c296bc7d14467fadb38d685737 8376 php optional 
libphp-phpmailer_5.2.14+dfsg-2.1.debian.tar.xz
 24ff78c1b9bbf205e38ff0ec7d39f234 146990 php optional 
libphp-phpmailer_5.2.14+dfsg-2.1_all.deb
 d19f70cf7582391ee9b584ef71600aef 5448 php optional 
libphp-phpmailer_5.2.14+dfsg-2.1_amd64.buildinfo

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBCAAGBQJYZk4BAAoJEFb2GnlAHawETXAH/A966SYswH+JzvJEum6quLRV
wz5zIaGgoVu2E5Jh5y9r3JdgZGwmwsC8faPbHF4O27uoX1ko4QPn+wqhivpu3UCA
03KNHV2/ABkK/T3QdjVbtJkJo/5nf1pL3Ktcop+jiGmyUMSO5Op8e0PI4gxbOdjf
IhXXmfZ/bfzcWMBjOwmQkIG2rnfQkl58RzJBdaeh5xH6VFPAEZC7SjFS+nQBYjlc
d/fp8iFflDUi9Vy4KEqw0+JMqcTBX/2rpRpeK98rrIk6zlhxD0lG+fWbEMNKl1Pn
8XHeIgXg3dtx9SjYISobc3auL/XV16leUHqH/BL1L4mF4ci2gYqwRihtatwgEdg=
=/cAe
-END PGP SIGNATURE End Message ---