Debian Security Advisory
DLA-1591-1 libphp-phpmailer -- LTS security update
- Date Reported:
- 23 Nov 2018
- Affected Packages:
- libphp-phpmailer
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-5223, CVE-2018-19296.
- More information:
-
It was discovered that there were two vulnerabilities libphp-phpmailer, an email library for the PHP programming language:
- CVE-2017-5223
Local file disclosure vulnerability via relative path HTML transformations.
- CVE-2018-19296
Object injection attack.
For Debian 8
Jessie
, this issue has been fixed in libphp-phpmailer version 5.2.9+dfsg-2+deb8u4.We recommend that you upgrade your libphp-phpmailer packages.
- CVE-2017-5223