Debian Security Advisory

DLA-817-1 libphp-phpmailer -- LTS security update

Date Reported: 06 Feb 2017
Affected Packages: libphp-phpmailer
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2017-5223.
More information:

It was discovered that there was a local file disclosure vulnerability in libphp-phpmailer, an email transfer class for PHP, where insufficient parsing of HTML messages could potentially be used by an attacker to read a local file.

For Debian 7 Wheezy, this issue has been fixed in libphp-phpmailer version 5.1-1.3+deb7u1.

We recommend that you upgrade your libphp-phpmailer packages.